The Ethics of Sharing
Long, a professional pen-tester with Computer Sciences Corp., concedes that hosting this type of information on his site poses a moral dilemma. In the end, he says, full disclosure wins out.
"People may get affected in a negative way, but open communication fosters more education on all parts," Long says. "Yeah, it helps the bad guys, but after sitting back and watching the discussion unfold about vulnerabilities and whether they should be open, it would be silly to think I'm protecting anyone by sitting on the information."
The GHDB is rolled into a short list of tools that can be modified to automatically run queries against your company's domain. Long has written an open-source tool called Gooscan, which conducts bulk Google searches. Athena is a similar tool that, like Gooscan, is not based on the Google API and is a violation of Google's terms of service. Google has the option of banning a violator's IP range from using its search engine. Other tools like Witko and Foundstone's SiteDigger are based on the Google API and require a license key from Google.
"One of the things we're struggling with is figuring out how public and accessible we make [the GHDB]," Long says. "We're at the point now that we realize there's enough awareness around it. It's high time we start releasing it and making it as open as possible. That was our goal from the beginning--publicize this and raise awareness."
Then there's the question of whether Google has any responsibility not to disclose information that could imperil businesses--beyond honoring removal requests. A Google representative said the company's job is to bring the Internet to users. He declined further comment.
Long agrees that, while Google may have an opportunity to make a business of alerting companies that are being scanned, it doesn't have a responsibility to do so.
"It's not their data; Google doesn't own the data. It's the responsibility of the [business'] security people to keep their own space in order," Long says.