Apr 13, 2023 | Ravie Lakshmanan
Google on Thursday outlined a set of initiatives aimed at
improving the vulnerability management ecosystem and establishing
greater transparency measures around exploitation.
“While the notoriety of zero-day vulnerabilities typically makes
headlines, risks remain even after they’re known and fixed, which
is the real story,” the company said[1]
in an announcement. “Those risks span everything from lag time in
OEM adoption, patch testing pain points, end user update issues and
more.”
Security threats also stem from incomplete patches shipped by
vendors: a sizable share of the zero-days exploited in the wild
turn out to be variants of previously patched vulnerabilities, reachable
because the original fix addressed one trigger rather than the root cause.
Mitigating such risks requires addressing the root cause of the
vulnerabilities and prioritizing modern secure software development
practices to eliminate entire classes of threats and block
potential attack avenues.
Taking these factors into consideration, Google said it’s
forming a Hacking Policy Council to “ensure new policies and
regulations support best practices for vulnerability management and
disclosure.”
The company further emphasized that it’s committing to publicly
disclose incidents when it finds evidence of active exploitation of
vulnerabilities across its product portfolio.
Lastly, the tech giant said it’s instituting a Security Research
Legal Defense Fund to provide seed funding for legal representation
for individuals engaging in good-faith research to find and report
vulnerabilities in a manner that advances cybersecurity.
Google’s latest security push speaks to the need for looking
beyond zero-days by making exploitation difficult in the first
place, driving patch adoption for known vulnerabilities in a timely
manner, setting up policies to address product life cycles, and
making users aware when products are actively exploited.
It also serves to highlight the importance of applying
secure-by-design principles during all phases of the software
development lifecycle.
The disclosure comes as Google launched a free API service[3]
called the deps.dev API[4]
in a bid to secure the software supply chain by providing access to
security metadata and dependency
information[5] for over 50 million
versions of five million open source packages published on the Go,
Maven, PyPI, npm, and Cargo package repositories.
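The practical use of that metadata is to check the pinned versions in a lockfile against known advisories before they ship. The script below is an added example, not code from Google or the deps.dev project: it assumes the shape of the v3alpha GetVersion endpoint (`/systems/{system}/packages/{name}/versions/{version}`, returning an `advisoryKeys` list of `{"id": ...}` objects), the package names `example-widget`, `example-safe` and `example-missing` are hypothetical, and the embedded responses are constructed so the check runs offline. A lookup failure is reported as a finding rather than swallowed, so an unreachable API or an unknown version never reads as "no advisories".

```python
"""Audit pinned dependencies against deps.dev security metadata.

Added example, not code from Google or the deps.dev project. It assumes the
v3alpha GetVersion response carries an ``advisoryKeys`` list of ``{"id": ...}``
objects; the sample responses below are constructed, not real advisory data.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List

DEPS_DEV = "https://api.deps.dev/v3alpha"  # assumed base URL of the v3alpha API


def fetch_version(system: str, name: str, version: str) -> dict:
    """Live GetVersion lookup (needs network). system: npm, pypi, go, maven or cargo.

    Package names are percent-encoded so scoped npm names such as @scope/pkg
    stay a single path segment (%40scope%2Fpkg).
    """
    url = (
        f"{DEPS_DEV}/systems/{system}/packages/"
        f"{urllib.parse.quote(name, safe='')}/versions/"
        f"{urllib.parse.quote(version, safe='')}"
    )
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def advisory_ids(version_record: dict) -> List[str]:
    """Extract the advisory identifiers attached to one package version."""
    return sorted(key["id"] for key in version_record.get("advisoryKeys", []))


def audit(
    pins: Dict[str, str],
    system: str,
    lookup: Callable[[str, str, str], dict] = fetch_version,
) -> Dict[str, List[str]]:
    """Return {"name@version": [advisory ids]} for every pin that is not clean.

    A failed lookup is itself a finding (fail closed): a missing record must
    not be mistaken for a version with no known advisories.
    """
    findings: Dict[str, List[str]] = {}
    for name, version in pins.items():
        label = f"{name}@{version}"
        try:
            record = lookup(system, name, version)
        except Exception as exc:  # HTTP 404, timeout, malformed JSON, ...
            findings[label] = [f"lookup-error: {exc}"]
            continue
        ids = advisory_ids(record)
        if ids:
            findings[label] = ids
    return findings


# Constructed sample responses in GetVersion shape (hypothetical packages,
# placeholder advisory id); used instead of the network in offline_lookup.
SAMPLE_RESPONSES = {
    ("npm", "example-widget", "1.0.0"): {
        "versionKey": {"system": "NPM", "name": "example-widget", "version": "1.0.0"},
        "licenses": ["MIT"],
        "advisoryKeys": [{"id": "GHSA-0000-0000-0000"}],
    },
    ("npm", "example-safe", "2.1.0"): {
        "versionKey": {"system": "NPM", "name": "example-safe", "version": "2.1.0"},
        "licenses": ["Apache-2.0"],
        "advisoryKeys": [],
    },
}


def offline_lookup(system: str, name: str, version: str) -> dict:
    """Stand-in for fetch_version that serves the constructed responses."""
    try:
        return SAMPLE_RESPONSES[(system, name, version)]
    except KeyError:
        raise LookupError(f"no record for {system}/{name}@{version}")


def demo() -> Dict[str, List[str]]:
    """Audit three hypothetical npm pins: one advisory hit, one clean, one unknown."""
    pins = {
        "example-widget": "1.0.0",
        "example-safe": "2.1.0",
        "example-missing": "9.9.9",
    }
    return audit(pins, "npm", lookup=offline_lookup)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To run it against the real service, call `audit(pins, "npm")` without the `lookup` argument; the only difference is that `fetch_version` performs the HTTP request. Treat the result as a prioritisation signal, not a verdict: an advisory key says a weakness was reported for that version, and whether the vulnerable code path is reachable in your build still has to be checked.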
In a related development, Google’s cloud division has also
announced the general availability[6]
of the Assured Open Source Software (Assured OSS) service for Java
and Python ecosystems.
References
[1] said (blog.google)
[2] Save My Seat! (thn.news)
[3] free API service (security.googleblog.com)
[4] deps.dev API (docs.deps.dev)
[5] security metadata and dependency information (thehackernews.com)
[6] general availability (cloud.google.com)
[7] Twitter (twitter.com)
[8] LinkedIn (www.linkedin.com)
Read more: https://thehackernews.com/2023/04/google-launches-new-cybersecurity.html
