Google Online Security Blog - RSS Feed

The latest news and insights from Google on security and safety on the Internet.

Latest articles

Protecting more with Site Isolation

Posted by Charlie Reis​ and Alex Moshchuk, Chrome Security TeamChrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. On Windows, Mac, Linux, and Chrome OS, Site Isolation protects all web sites from each other, and also ensures they do not share processes with extensions,...

Advancing an inclusive, diverse security industry

Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with Women in Cybersecurity (WiCyS) and SANS Institute a year ago to establish the...

Verifiable design in modern systems

Posted by Ryan Hurst, Production Security TeamThe way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get...

Measuring Security Risks in Open Source Software: Scorecards Launches V2

Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security TeamContributors to the Scorecards project, an automated security tool that produces a “risk score” for open source projects, have accomplished a lot since our launch last fall. Today, in collaboration with the Open Source Security Foundation community, we are announcing...

Announcing a unified vulnerability schema for open source

Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team In recent months, Google has launched several efforts to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise...

Get ready for the 2021 Google CTF

Posted by Kristoffer Janke, Information Security EngineerAre you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back!The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at http://goo.gle/ctf. Just like last year, the top 16 teams will qualify for...

Introducing SLSA, an End-to-End Framework for Supply Chain Integrity

Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development...

Rust/C++ interop in the Android Platform

Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability with our existing codebase. If Rust is to meet its goals of improving security, stability, and quality Android-wide, we need to be able to use Rust anywhere...

Verifiable Supply Chain Metadata for Tekton

Posted by Dan Lorenc, Priya Wadhwa, Open Source Security TeamIf you've been paying attention to the news at all lately, you've probably noticed that software supply chain attacks are rapidly becoming a big problem. Whether you're trying to prevent these attacks, responding to an ongoing one or recovering from one, you understand that knowing what is...

Announcing New Abuse Research Grants Program

Posted by Anna Hupa,  Marc Henson, and Martin Straka, Google VRP Team Our Abuse Bug Bounty program has proved tremendously successful in the past three years since its introduction – thanks to our incredibly engaged community of researchers. Their contributions resulted in +1,000 valid bugs, helping us raise the bar in combating product abuse.As a result...

Discover, share and read the best on the web

Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!