Fone Forum
May 08, 2024, 04:05:51 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Fone Forum is pleased to welcome its valued guests and members.  We hope you will all enjoy your time with us, and find us a happy community of shared interests - who pool our knowledge, so that we can all come away better informed.  Wink  Cheesy  Grin
 
   Home   Help Search Login Register  
Fone Forum > Mobile networks, developments, services, & offers > Mobile developments (Moderator: mobileman) > Googlephone security team seeks bug hunters
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Googlephone security team seeks bug hunters  (Read 3898 times)
0 Members and 1 Guest are viewing this topic.
mobaholic
Administrator
Hero Member
*****
Offline Offline

Posts: 3117



WWW
« on: August 21, 2008, 09:58:04 AM »

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform.

In a posting to a full disclosure mailing list, Android security staff concede that security bugs in complex software stacks are inevitable.  They are inviting help from the security community in identifying and ironing out vulnerability wrinkles before they begin to show.

It's a refreshing approach that contrasts with the lack of openness from Apple's rival iPhone development team of whom little has been heard, apart from a recent job ad for a reverse engineer.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," an Android security team member writes.  "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The Android team expressed a preference for hearing about bugs first-hand rather than learning about them through such channels as full disclosure mailing lists.  Responsible disclosure of this type will help Google to push out patches in a timely manner.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of coordination to patch," the post explains.

At this stage of the game would-be bug hunters do not have the benefits of devices running Android to test with.  Vulnerabilities in early emulator software have already been discovered by security tools firm Core Security back in March.

A beta (0.9) version of the Android Software Development kit was released on Monday.  More details on the security features of the platform will follow, the Android team promise.

"We will be releasing more details of the security features of the Android platform over the next several months, as well as developer documentation and guidance on how to use these features in your Android applications," the post, which gives contact details and links to information on the security philosophy for Android, explains.

The Android mobile device platform is based on Linux and developed by Google and the Open Handset Alliance, a consortium of hardware, software, and telecom firms.  Google has promised to make the majority of code for the Android platform available under the Apache open-source licence, once the first full version of the software is released later this year.

See:-   here.
Logged
Valued guests are cordially invited to join.  Registration is quick & easy, & only needs an email address.  You can then benefit from contributing to our forum, & being able to use our PM system.

If you do not do so, but wish to make contact, you may email:-  theadminteam.foneforum@gmail.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.026 seconds with 19 queries.