Google Blogoscoped

Monday, June 25, 2007

Douglas Merrill, Google’s Security Guy

CNet got to talk to Google vice president of engineering, Douglas Merill, employee at the company since 2003. Douglas, who got his first experiences with web security when he hacked white supremacist discussion boards in Arkansas, says “We don’t yet know what all the things are that can break in these interesting, exciting, new, highly interactive Web applications ... We believe we are at the forefront of a new science. We all have to invent the wheel in Web security.” He adds that “security is the coolest kind of problem because it is never solved.”

Google’s core security crew has about 50 members, CNet reports, though (naturally) all Google employees are responsible for security in the products they develop. Douglas says that security has been with the company culture right from the start, and that the “Google way” to do “is to get really smart people and make it very easy for them to do the right thing and kind of hard to do the wrong thing ... We have imprinted these really brilliant engineers at all levels, fresh out of college all the way up to very senior people, with a particular way of building code.” Also, new programs are run through a Google-cleaning tool called “Lemon.”

Nevertheless, as you probably heard, several Google vulnerabilities have been found in the past, some of which had the potential to compromise your Google account cookie (which means there are open or half-open doors towards personal Gmail data, Google Docs data, and so on). Douglas admits Google is much farther ahead when it comes to desktop applications than web applications and that “new bugs will happen,” but believes that with more history in the field of web apps, things will improve.

[Thanks! Photo originally by Google.]


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!