Google, the Wassenaar Arrangement, and Vulnerability Research:
“Google, the Wassenaar Arrangement, and Vulnerability Research,” as a title it’s a bit of a mouthful, but the latest article posted on the Google Online Security Blog makes interesting reading. In some ways Google is a little like a god, lording it over the internet, but gods are often taken for granted and few people realize how much work goes on behind the scenes.
The new article details some of the ways Google has tried to protect users while they are online. In fact, the Big G even offers cash rewards for research that identifies vulnerabilities in their products. They also pay for research that provides “proactive improvements” to open-source software and, with a total spend of over $4 million so far, Google certainly seems to give the subject the respect it deserves. Google also supports open source solutions to personal security as discussed in a DeltinaU post on OpenID Connect.
Enter the Wassenaar Arrangement
Unfortunately there seems to be a certain amount of truth to that old saying “no good deed goes unpunished.” New export control rules suggested by the U.S. Department of Commerce may interfere with Google’s ability to identify many online security issues.
Members of the Wassenaar Arrangement have agreed to regulate many of the key areas relating to “intrusion software.” Google believes implementation of the suggested rules could have a disastrous impact on the open security research community and may actually lead to a less secure internet experience rather than a better one.
Continuing to be proactive, Google has already supplied the United States Commerce Department’s Bureau of Industry and Security (BIS) with a “lengthy” response to the proposed rules. Stating the rules are dangerously broad and vague, and pointing out some of the problem areas, Google has told BIS “You should never need a license when you report a bug to get it fixed.” It’s hard to argue with logic like that and Google has promised to update the blog post if BIS publish any further proposals relating to intrusion software.
Author: Steve Calvert
Steve Calvert is a freelance writer based in the Netherlands. He has expertise in several niches, including health and fitness and internet marketing, and also has a good knowledge of SEO.