Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
Today, Google unveiled three new initiatives designed to support the vulnerability management ecosystem and help the security community better mitigate cyber risk.
New support for vulnerability management
One initiative, the Hacking Policy Council, will bring together a group of “like-minded organizations and leaders” to advocate for new policies and regulations to support best practices for vulnerability management and disclosure, without undermining user security.
“Our users don’t just use Google products, they use a variety of products and services which are interconnected and interdependent. So protecting our users means working to improve the security of the overall ecosystem. This includes working with other vendors as well as governments to ensure risk from vulnerabilities can be mitigated faster and more effectively,” said Charley Snyder, head of security policy at Google.
According to Harley Gieger, cybersecurity counsel of Venable LLP, the Hacking Policy Council will look toward “creating a more favorable legal environment for vulnerability disclosure and management.” This includes ethical hacking, bug bounties and penetration testing.
Event
Transform 2023
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
Defending defenders, informing users
Another initiative, the Security Research Legal Defense Fund, will set aside an undisclosed funding amount to support the legal defense of independent security researchers who make contributions to good-faith security research. The fund is designed to protect researchers from legal liabilities arising from ethical vulnerability disclosure.
Google’s final initiative committed the organization to offering users greater transparency over vulnerability exploitation and patch adoption across its own product ecosystem.
“We think users should know when they have been exploited, particularly when we can arm them with knowledge which can help them take steps to better protect themselves. We’ve always prioritized this transparency, but we are now making an explicit change to our vulnerability disclosure policy to commit to publicly disclose when we have evidence that vulnerabilities in any of our products have been exploited,” Snyder said.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
Tim Keary
Source link
