Google wants its developer community to pick through its latest Chrome extension, End-to-End, for potential vulnerabilities.
End-to-End, currently in Alpha release, allows users to encrypt, decrypt, digitally sign and verify signed messages within the browser. It implements the OpenPGP standard, IETF RFC 4880. As part of its security process, Google has posted the source code on code.google.com, and it wants those with the skills to give it a thorough looking-over.
“One of the reasons we are doing this source code release is precisely so that the community as a whole can help us make sure that we haven’t overlooked anything in our implementation of End-To-End,” reads Google’s note on the matter, as part of an FAQ breaking down the extension’s capabilities. “Once we feel that End-To-End is ready, we will release it via the Chrome Web Store ourselves.”
With cyber-threats on the rise and IT security resources often stretched thin, many individuals and companies increasingly depend on tech vendors such as Google to provide robust security for data. According to security firm Symantec, some 80 percent of small businesses fall victim to attacks during their first year of operation; major enterprises have also suffered their share of breaches. Looking beyond the hacker threat, many are also worried about the extent of government surveillance into their online lives.
Even with this crowd-sourced security check, it’s not outside the realm of possibility that someone could eventually find a hole in End-to-End. But with enough eyeballs focused on the code, the chances of that happening are likely reduced.
- PEA: A New Method of Encryption?
- Twitter Stopped Encryption Project: Report
- How Security Skills Can Help You Get a Startup Job
Image: Brian A. Jackson/Shutterstock.com