Umair's Blog: 12/09/2010

App Tuesday: Celebrate Google Apps Marketplace’s half birthday with 12 new apps

Six months ago, the Google Apps Marketplace was born, and we’re excited to celebrate its growth in this short time. Today, more than 4 million Google Apps users have Marketplace apps installed on their domain. In addition, there are now more than 200 integrated apps available to Google Apps users, covering customer relationship management, accounting, finance, project management, and more. Almost every week, third-party applications are joining the Apps Marketplace to address an expanding range of business needs.

This App Tuesday, we’re celebrating our half birthday by launching 12 new apps to the Marketplace. If you are an Apps domain admin, you can extend your Google Apps functionality with just a few easy clicks. All of these installable apps offer single sign-on, so your users can start using them conveniently right from the universal navigation bar in Google Apps. In addition, many applications have implemented deeper integrations with Google Apps, such as Calendar sync or Gmail contextual gadgets, which present relevant information from third-party apps in-line within a Gmail message. Try out these apps and join the other 4 million Apps Marketplace users:

Grockit - Social Learning Platform for Students
A social platform for learning that provides students with collaborative, real-time study rooms and relevant coursework to achieve various educational goals.
Integrations: Single sign-on, Google Calendar sync, Google Docs
Elance - Talent Acquisition and Management
An employment platform that offers talent-hungry companies instant access to qualified online workers and the tools to hire, evaluate, and compensate them.
Integrations: Single sign-on
ERPLY - Enterprise Resource Planning
An ERP software that helps you easily manage your points of sale (POS), inventory, relationships and billing by providing real time information.
Integrations: Single sign-on, Google Calendar
Insync - Document Management
A dropbox for Google Apps that bi-directionally syncs Google Docs to Finder and Explorer, allowing a user to work seamlessly across a desktop and browser.
Intergrations: Single sign-on, Google Docs sync, Google Contacts
Rainmaker - Social CRM
A tool to supercharge your contacts by searching a user’s social networks to auto-populate critical information and merging it right into Google Contacts.
Integrations: Single sign-on, Google Contact Sync
Pipeline Deals - Customer Management
A CRM tool to help manage your sales pipeline by overseeing deal flow, tracking leads, and running reports. Current PipelineDeals users manage a combined sales pipeline of $60 billion.
Integrations: Single sign-on, Google Calendar Sync, Google Contacts Sync
Idea2 - Customer Management
A CRM tool that organizes data according to employees’ usage patterns and makes critical data available to them in the most relevant locations.
Integrations: Single sign-on, Gmail, Google Calendar
Kashoo - Accounting and Finance
Accounting software that creates and sends invoices, manages expenses, reconciles bank statements, tracks cash flow, and generates financial reports.
Integrations: Single sign-on, Google Docs, Google Calendar, Gmail
SimplifyThis - Productivity
A tool to help employees book appointments, manage billing, and track clients through a fluid interface with Google Apps.
Integrations: Single sign-on, Google Calendar
OffiServ - Productivity
An application that supports administrative processes by automating various functions, such as purchase order approval, vacation management, and resource distribution.
Integrations: Single sign-on
Mindquilt - Productivity
An internal question and answer platform for companies to help streamline the process of employee inquiries and knowledge distribution.
Integrations: Single sign-on, Gmail, Google Talk
RecMan - Security and Compliance
A tool that provides transparent records management and compliance features, centralized document access control, and retention, legal holds and disposition policy management.
Integrations: Single sign-on, Google Docs, Gmail

Check out our Apps Marketplace to explore one of these new apps or the other over 200 existing apps. If you've #gonegoogle and tried the #appsmarketplace, let other users know what you recommend via Twitter or submit your suggestions for additional apps.

Posted by Harrison Shih, Google Apps Marketplace Team

For your viewing pleasure: a new and improved way to explore online photos

When you’re curious about a new place - be it a restaurant that you haven’t yet tried or a popular tourist attraction you’re considering visiting on an upcoming trip - you may find it useful to see what that place looks like in advance. For this reason, Place pages make it possible to visually explore various locations by aggregating and displaying photos from around the web.

Today, we’re offering you a better, more streamlined way to view these photos. With this new feature, you can easily flip through a whole collection of photos and find the sites on the web that have relevant pictures of a given place. Photos that have been uploaded by our Panoramio or Google Places users will appear in high-resolution as an overlay when users click on them. For photos from other sources, you can easily click on a specific photo to see more and visit the site it comes from.

This simple and intuitive online album experience makes it easier to explore all the wonderful photographs of places all over the world. For example, the above photos on the Place page for Coit Tower in San Francisco really help bring the place to life since they’re shot from multiple angles and different times of day, and provide context about this landmark’s location in San Francisco.

If you’re interested in uploading your photos of places and making them more discoverable online, check out Panoramio, a great way to share geo-tagged photos on the Web.

By Sascha Häberling, Software Engineer

Google Code University goes back to school

Fall is on the way — the leaves are changing, college football is in full swing and you're probably already knee-deep in schedules, new books and assignments. At Google, we're also prepping for back to school with the newest version of Google Code University. For the fall we've not only made our online course repository more slick and easier to navigate, but we've added new content and features to help you tackle your CS courses.

Some of the newest updates include:

We've also recently added several Discussion Forums with topics like web security, Python and C++ where you can ask your fellow students questions, or post interesting articles and resources. We'd also love your input on new course content in our General Forum.

Good luck with the new semester!

Posted by Mary Radomile, Education Program Manager

Vulnerability trends: how are companies really doing?

Posted by Adam Mein, Google Security Team

Quite a few security companies and organizations produce vulnerability databases, cataloguing bugs and reporting trends across the industry based on the data they compile. There is value in this exercise; specifically, getting a look at examples across a range of companies and industries gives us information about the most common types of threats, as well as how they are distributed.

Unfortunately, the data behind these reports is commonly inaccurate or outdated to some degree. The truth is that maintaining an accurate and reliable database of this type of information is a significant challenge. We most recently saw this reality play out last week after the appearance of the IBM X-Force® 2010 Mid-Year Trend and Risk Report. We questioned a number of surprising findings concerning Google’s vulnerability rate and response record, and after discussions with IBM, we discovered a number of errors that had important implications for the report’s conclusions. IBM worked together with us and promptly issued a correction to address the inaccuracies.

Google maintains a Product Security Response Team that prioritizes bug reports and coordinates their handling across relevant engineering groups. Unsurprisingly, particular attention is paid to high-risk and critical vulnerabilities. For this reason, we were confused by a claim that 33% of critical and high-risk bugs uncovered in our services in the first half of 2010 were left unpatched. We learned after investigating that the 33% figure referred to a single unpatched vulnerability out of a total of three — and importantly, the one item that was considered unpatched was only mistakenly considered a security vulnerability due to a terminology mix-up. As a result, the true unpatched rate for these high-risk bugs is 0 out of 2, or 0%.

How do these types of errors occur? Maintainers of vulnerability databases have a number of factors working against them:

Vendors disclose their vulnerabilities in inconsistent formats, using different severity classifications. This makes the process of measuring the number of total vulnerabilities assigned to a given vendor much more difficult.
Assessing the severity, scope, and nature of a bug sometimes requires intimate knowledge of a product or technology, and this can lead to errors and misinterpretation.
Keeping the fix status updated for thousands of entries is no small task, and we’ve consistently seen long-fixed errors marked as unfixed in a number of databases.
Not all compilers of vulnerability databases perform their own independent verification of bugs they find reported from other sources. As a result, errors in one source can be replicated to others.

To make these databases more useful for the industry and less likely to spread misinformation, we feel there must be more frequent collaboration between vendors and compilers. As a first step, database compilers should reach out to vendors they plan to cover in order to devise a sustainable solution for both parties that will allow for a more consistent flow of information. Another big improvement would be increased transparency on the part of the compilers — for example, the inclusion of more hard data, the methodology behind the data gathering, and caveat language acknowledging the limitations of the presented data. We hope to see these common research practices employed more broadly to increase the quality and usefulness of vulnerability trend reports.