Last night there were reports of outages in Gmail. This morning there's an article, below, that tells us that Google had to make some significant changes to deal with a bug that was potentially going to make us get a lot more spam, malware and generally make things not so good.
Google had months to fix it, but it wasn't until public disclosure and proof of concept code was released that anything was done. It's hard to patch, and keep patching -- a point I saw in a Kordia webinar yesterday -- but it just has to be done. Provided you have a good risk awareneness and impact. In the Google case they thought they could fix it in a later patch release, meaning they didn't get it right.
