How Google adopted BeyondCorp: Part 3 (tiered access)
Posted by Daniel Ladenheim, Software Engineer, and Hunter King, Security Engineer Intro This is the third post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal...
Trust but verify attestation with revocation
Posted by Rob Barnes & Shawn Willden, Android Security & Privacy TeamBillions of people rely on their Android-powered devices to securely store their sensitive information. A vital component of the Android security stack is the key attestation system. Android...
Expanding bug bounties on Google Play
Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength...
Protecting Chrome users in Kazakhstan
Posted by Andrew Whalley, Chrome SecurityWhen making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug connections during website development, or...
How Google adopted BeyondCorp: Part 2 (devices)
Posted by Matt McDonald, Software Engineer, and Sebastian Harl, Software Engineer Intro This is the second post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the...
New Research: Lessons from Password Checkup in action
Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse researchBack in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever...
Making authentication even easier with FIDO2-based local user verification for Google Accounts
Posted by Dongjing He, Software Engineer and Christiaan Brand, Product Manager Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience. With...
Awarding Google Cloud Vulnerability Research
Posted by Felix Groebert, Information Security EngineeringToday, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. A prize of $100,000.00 will be paid to the reporter of the best vulnerability...
Understanding why phishing attacks are so effective and how to mitigate them
Posted by Elie Bursztein, Security & Anti-abuse Research Lead, Daniela Oliveira, Professor at the University of FloridaPhishing attacks continue to be one of the common forms of account compromise threats. Every day, Gmail blocks more than 100 million phishing emails and...
Adopting the Arm Memory Tagging Extension in Android
Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team As part of our continuous commitment to improve the security of the Android ecosystem, we are partnering with Arm to design the memory tagging...
Titan Security Keys are now available in Canada, France, Japan, and the UK
Posted by Christiaan Brand, Product Manager, Google Cloud Credential compromise as a result of phishing is one of the most common causes of security breaches. Security keys provide the strongest protection against these types of attacks, and that’s...
Chrome Fuzzer Program Update And How-To
Posted by Max Moroz, Fuzzing Evangelist, and Ned Williamson, Fuzzing Entrepreneur TL;DR We increased the Chrome Fuzzer Program bonus from $500 to $1,000 as part of our recent update of reward amounts. Chrome Fuzzer Program is a part of...
Bigger Rewards for Security Bugs
Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project. We're proud that community includes world...
How Google adopted BeyondCorp
Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager It's been almost five years since we released the first of multiple BeyondCorp papers, describing the motivation and design principles that eliminated network-based trust from our internal networks....
Google Public DNS over HTTPS (DoH) supports RFC 8484 standard
Posted by Marshall Vale, Product Manager and Alexander Dupuy, Software EngineerEver since we launched Google Public DNS in 2009, our priority has been the security of DNS resolution. In 2016, we launched a unique and innovative experimental service --...
Ning Wang – Offensive Security
Ning WangCEO Offensive Security
Why Nominated: Ning Wang is a rising star has worked to break the
boundaries in the security industry, so that people can see that anyone is
capable of starting a career in cybersecurity and advancing it –...
Dani Martínez – IOActive
Dani MartínezSecurity ConsultantIOActive
Why nominated:
Dani Martínez proved to be a self-starter, beginning his career in
IT he soon developed an interest in cybersecurity and began taking online
courses in his spare time. Martínez also dove write in and began a
cybersecurity blog...
Maurice Stebila – Harman, a Samsung Company
Maurice StebilaDigital Security,Compliance and Privacy OfficerHarman, a Samsung Company
Why nominated: Maurice Stebila has spent more than 30 years in the automotive,
manufacturing and financial services industry supporting two of the world’s
largest companies – EDS/General Motors and Harman by Samsung...
Ed Adams – Security Innovation
Ed AdamsPresident and CEOSecurity Innovation
Why Nominated:
A highly respected veteran of the cybersecurity industry, Security Innovation
CEO Ed Adams has taken on several new leadership roles in the year or so. Last
April, he was named to board of directors of...
David Archer – Galois
David ArcherPrincipal scientistGalois
Why Nominated: Archer, an
advocate for preserving privacy of data even when it’s used in decision-making
both within the U.S. at all levels of government as well as internationally,
directs research in privacy-preserving information technologies.
Profile: David Archer is all...
