Less than a month into his reign as Facebook’s security chief, Alex Stamos is picking a fight with one of the industry’s top software providers.
Over the weekend, an ostensibly sober Stamos tweeted: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
“Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once,” Stamos added in a separate tweet.
Stamos -- who previously served as Yahoo’s chief information security officer -- is hardly alone in his disdain for Adobe and its perceived hacking vulnerabilities. Indeed, Stamos’ tweets were favorited more than 800 times and shared over 1,000 times.
More broadly, the fighting words come at a time of growing uncertainty about the safety of the information that consumers share with Facebook and other online services.
Addressing the inherent “risk” that consumers face in the digital, Stamos recently blogged: “It is the responsibility of our industry to build the safest, most trustworthy products possible.”
Facebook has certainly faced its security challenges. Earlier this year, a Web developer named Laxman Muthiyah claimed to have figured out how to delete every one of the hundreds of billions of images on the social network. Luckily for Facebook’s more than 1 billion users, Muthiyah reported the security hole to the company.
Among other security efforts, Facebook recently released Security Checkup -- a feature that prompts users to explore password security options when surfing the mobile Web.
In February, Facebook also rolled out ThreatExchange -- an API-based platform for sharing security threat information. Inspired by a collaboration with other technology companies, the exchange had been in the works for a little over a year before its official debut. ThreatExchange is built on the existing Facebook platform infrastructure, onto which it layered APIs. Partner companies can query the available threat information, as well as publish to all or a subset of participating organizations.
Normally, security threat data is freely available information, like domain names and malware samples. Yet, for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, Facebook added built-in controls to make limited sharing possible.
Earlier partner companies included Pinterest, Tumblr, Twitter and Yahoo, according to Hammell. More recent participants include Bitly and Dropbox.