MustLive completed his Month of Search Engines Bugs (MOSEB) project and generated some interesting results. First let’s take a look at the targets, the who’s who of search:
Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server (local engine), Search Europe, Rambler, Ask.com, Ezilon, AltaVista, AltaVista local (local engine), MetaCrawler, Mamma, Google, Google Custom Search Engine (local engine), My Way, Lycos, Aport, Netscape Search, WebCrawler, Dogpile, AOL Search, My Search, My Web Search, LookSmart, DMOZ (Open Directory Project), InfoSpace, Euroseek, Kelkoo, Excite.
Results of the projects: fixed 44 vulnerabilities from 104.
I’m actually a little impressed that so many got fixed so fast. Is this a result of diligence on the part of the search engine vendor? For some I’m sure it was. For others, did the risk of negative press speed remediation? More than likely. I guess Full-Disclosure will live on for web security, just maybe not so much in the US. Ukrainians certainly don’t seem to be deterred.