Code search is not the source of all evil

A flaw not found is a flaw not fixed. Just one reason Google Code Search is a real find
Written by Leader, Contributor

The latest monster to escape from Google's labs is Code Search, a service designed to reach into every scrap of source code published on the Web and expose it to curious minds. Within hours of it going live, klaxons were wailing: all the dangerously imperfect and improperly posted software so uncovered would give far too much information to the enemy.

It is true that hackers, crackers and the rest of the black hat gang will be able to use Google Code Search to find flaws, illegally posted software source and other things to help them in their evil ways. The same is true of anything that eases access to Internet information: in general, the idea of search engines is to find things and in general, the advantages outweigh the drawbacks.

This attitude, that unfortunate truths may be best dealt with by discouraging knowledge, stretches way beyond the world of software. Nobody will tell you exactly why airline terror is best fought by banning your toothpaste, and you are strongly discouraged from asking. It is irresponsible to inquire, in case you give naughty people bad ideas.

Yet the greater responsibility is to ask. If Google Code Search can uncover passwords and credentials, then so can other, less well-known tools. The right reaction isn't to avert our gaze and instruct everyone else to do the same: it's to highlight the flaws and spread the word so that people don't leave sensitive information in public places. There is no security in obscurity, simply because there is no obscurity. Pretending otherwise is doing nobody any favours — and finding flaws is the first step to fixing them.

Furthermore, openness is no use if nobody knows where to look, so tools such as Google Code Search are essential. All the good things that make open source work as well as or better than proprietary software — its ability to educate developers, the creation of an economy of ideas, the thousand-eyeball approach to debugging — depend entirely on ease of access. Here, Google is a force multiplier, bringing potential to life.

No new tool is beyond abuse — but that is no reason to stop inventing. For all the perturbations that may accompany its birth, a world with Code Search is better than one without. There's no hiding the fact.
