Tuesday, October 10, 2006

Google Code Search and Security

Post by Tom Stocky, Product Manager

Since Google Code Search launched a few days ago, we've received a lot of great feedback, including some about the dangers of exposing security flaws. Our goal with Code Search is to provide a useful resource for developers and help increase collaboration within the developer community. Unfortunately, tools that ease access to information for good can sometimes do so for bad... but it's our strong belief that the positive impact outweighs the negative, a belief thankfully shared by many of you.

We hope that Code Search will be used as a tool for solving security issues and helping people prevent exploits, since security through obscurity isn't really secure. In cases where we can help prevent certain malicious behavior, we'll do our best to do that. We're working on some changes already and we're very open to suggestions -- let us know if you have ideas.

Also, for those of you who want to keep your code from being crawled, please check out the FAQ that explains how to do that with a robots.txt file either on your website, the archive file or repository itself.

No comments:

Post a Comment