OpenSocial: How Secure Is it?

There’s been a great deal of positive buzz being made over the OpenSocial development platform Google recently unveiled.

And there’s also an ample amount of consternation being voiced about the new open standard. In particular, there exists some skepticism of Google’s (and it’s partners’) ability to employ firm and practically insurmountable security measures for OpenSocial, to ensure that the free flow of personal – and in some cases confidential – information remains under a solid set of locks and keys. So as to be unhackable, and thus, uncompromised.

Concerns made evident about OpenSocial’s security protocols are of course going to be a major topic of discussion, and rightly so. Google, nor its dozen or so initial partners in the project, could expect to continue with various developments, pertaining to OpenSocial or otherwise, without close scrutiny of their processes. But whether worries about OpenSocial’s strength in the face of malicious forces are warranted, is something else altogether.

That’s not to say that all these issues don’t go hand in hand. Of course they do. Very much. People work themselves over Internet security on a regular basis, and indeed have very legitimate reasons in taking precautions and traveling the safest routes possible. Yet, I think something must be said on Google’s part for the fact that, well…this is Google we’re speaking of.

There’s talk of fear that OpenSocial isn’t well seasoned, that it has not experienced years and years of attacks, and therefore hasn’t developed the kind of “street smarts” a long history of encounters with malevolent blackhats affords. And true it is that OpenSocial is very new and hasn’t quite run the real-world gauntlet of baddies just yet.

Still, true it is as well that OpenSocial is intrinsically a Google creation. And do correct me if I’m wrong, but does not that sort of ancestral linkage carry with it some amount of fortuity by default? I very much doubt Google would fail to deliver OpenSocial without addressing a wealth of security concerns, as it presumably does with most all of its other inventions – most especially those that reside in the public space. To think OpenSocial is poorly constructed or poorly executed is simply very difficult to imagine.

Now, there are definitely big issues to contend with in terms of new Web 2.0 technologies and the holes many startups fail to recognize and rectify, even after their beta tags are removed. But as of late, light has been shone on such matters, and they are now getting quite a bit of attention – however overdue it might be.

And on Google’s side of the aisle, things look pretty sheltered on the whole. Surely certain facets of certain constructions, whether assembled by the company or acquired through third-party sources, do show to be less than entirely “watertight”, but the never-ending hunt for holes in the fabric of the world’s technological inventions is called never-ending for a reason. Neither Microsoft, nor, Apple, nor Google, nor any other entity that plays in the land of bits and bytes is wholly secure.

All in all, the concept of OpenSocial is no doubt a lovely one, and unless it’s proven otherwise, I’ll sleep well thinking it a fairly solid and secure one. It’s going to take some cold hard experience on the mean streets of the open Internet to really prove itself worthy of the world’s trust, but I’ll dare to say I think it will manage to keep itself in check. Let’s just hope that Google’s partners in crime tend well to their fences, too.