Understanding Google's Bug Bounty Program

Some people have taken Google’s idea of offering security bug bounties to its logical conclusion: why stop at security bugs? Why not incentivize reporting of ALL software bugs with bounties? Aren’t other companies cheap for not offering bug bounties? Questions along these lines misunderstand how software development works. Engineers don’t sit on […]

OAuth Hell

It’s a pretty sad fact that OAuth has come to be a de facto industry standard for API authentication, because OAuth is so broken. Before OAuth, creating and consuming APIs across services was hell. We mostly just did stupid stuff like asking users for their passwords, so we could log in on their behalf and maybe […]