It has been reported that Google is closing down its social network Google+ after users’ data was exposed. It will shut down over the next ten months after it was revealed a software bug meant information that people believed was private had been accessible to third parties between 2015 and 2018. Up to 500,000 users had been affected, Google said, and data exposed is believed to include people’s names, email addresses, birth dates, profile photos, and gender. According to reports, the company knew about the issue in March but did not disclose it for fear of regulatory scrutiny.
Commenting on this, Gary McGraw, Vice President Security Technology at Synopsys, said “First Facebook, now Google. Software problems at huge tech companies continue to expose “the product,” which in the case of advertising-driven tech companies happens to be your data.
Getting software security right is difficult, but not impossible. Just as was the case in the Facebook “View As” design flaw, we see evidence in this Google+ case of just how tricky solid software engineering can be even for tech wizards. Making sure that APIs do not accidentally break security and privacy requirements is super important and is an aspect of design. Design flaws sometimes emerge in the gaps between systems that might otherwise seem fine on their own. The mind boggling complexity of today’s commercial systems is a major factor here, making systematically uncovering and correcting design flaws when software is being designed and built harder than ever.”