Tackling cybersecurity vulnerabilities through Secure by Design – The Keyword | Google Product and Technology News

Mar 04, 2024
Our new report — Secure by Design at Google — outlines our principles and approaches for strengthening security through a process that implements software security from the beginning of the design phase, onward.
In today’s cybersecurity landscape, vulnerable software can act as the conduit for devastating events. That’s why it’s critical that technology is safe before it reaches people, before we start coding, and throughout its lifecycle — it’s what we call technology that is Secure by Design.
Today, we’re releasing a report, Secure by Design at Google, outlining how we use these principles to strengthen our infrastructure and take the security burden off users and developers by implementing software security from the start. We’re also releasing Secure by Design: Google's Perspective on Memory Safety, which shares our insights on how Secure by Design applies to memory safety and offers a way to fix this decades-long vulnerability issue.
Over the past year, we have rightfully seen policy initiatives attempt to help shift the security burden from the end-users to software manufacturers, such as CISA’s Secure by Design initiative and the recent White House Memory Safety report. However, the ecosystem is still lacking a widely-adopted guide to set organizations in the right direction.
Today’s Secure by Design paper shares Google’s years of experience using the concept to "build security in" during the design of a software product and throughout the development lifecycle, rather than "bolting it on" afterwards. We offer four principles for Secure by Design for software design, development and deployment:
These four principles can help produce products and services that are designed to automatically defend users from things like malicious servers, network-level adversaries, attacks through downloaded files, phishing attacks, and more. These principles can also significantly reduce entire classes of vulnerabilities.
Securing software has historically been the responsibility of developers, with the expectation they understand and follow complex secure-coding guidelines. It’s no wonder so many incidents start with an error when developing and deploying systems: failure to consider a security threat during the design of a system, introduction of a coding error during development that results in a vulnerability, or a configuration change that exposes a deployed system to attack.
We believe that a Secure-by-Design approach applied to developer ecosystems is one of the most effective ways to achieve high assurance levels of safety and security. A developer ecosystem designed for safety and security ensures security invariants for applications, and prevents entire classes of vulnerabilities, providing assurance at scale. It’s why Google is investing to further expand use of memory-safe languages to address the risk of developers accidentally introducing these kinds of vulnerabilities, putting that responsibility on the language itself. We are also investing in building out the external memory-safe ecosystem, through a $1,000,000 grant to the Rust Foundation, and funding efforts to bring Rust to the Linux kernel.
Making products more secure as soon as they reach users’ hands means focusing upstream on our software development — perfecting safe coding, deployment and guidance. At Google, we will continue to engage deeply, share our experience, and partner to advance new frameworks, best practices and guidance to secure the digital domain for everyone.