Google shows its commitment to Secure by Design
In an ever more interconnected world facing growing numbers of cyberattacks, it's critical to ensure that technology systems are resilient in order to keep people safe.
Google has announced that it's signed up to the CISA's Secure by Design pledge, a voluntary commitment to specific security goals.
There are seven goals of Secure by Design; using multi-factor authentication, eliminating default passwords, reducing vulnerabilities, making patching easier, disclosing vulnerabilities, updating CVEs, and providing evidence of intrusions.
"We've dedicated years to incorporating Secure by Design at Google, but our work is not done, and we look forward to sharing more ways we'll deliver on CISA's pledge," writes Heather Adkins, Google's VP of security engineering on the company's blog. "Today's whitepaper will be the first of a series of insights we’ll publish in the coming months. Securing our digital ecosystem is a team sport, so we also encourage industry partners, policymakers and security experts to join this important work."
Among the things the company has done to meet the seven goals, Google has been part of the push to passwordless sign-in with passkeys, which have been used to authenticate users more than a billion times. It also treats discovered default passwords as vulnerabilities of their own, and has implemented measures across its products to mitigate this risk.
It's also adopted a safe coding framework and secure development environment, helping to reduce entire classes of vulnerabilities. It's focused on making patches easy to apply too.
Google's Vulnerability Disclosure Policy and Vulnerability Rewards Program (VRP) have connected it to security researchers to help secure products. Since launching the VRP, the company has distributed 18,500 rewards totaling nearly $59 million.
It also provides warnings about the security of Google accounts, and by provides a Security Checkup feature for personalized recommendations and security alerts. For Cloud, it uses audit logs to record and give visibility into activities within customers' Google Cloud resources.
You can read more on the Google blog and get a whitepaper on the company's commitment to Secure by Design.
Image credit: mindea / depositphotos