Integrating Rust Into the Android Open Source Project
Posted by Ivan Lozano, Android Security & Privacy TeamThe Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As...
Making the Internet more secure one signed container at a time
Posted by Priya Wadhwa, Google Open Source Security TeamWith over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools...
Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome
Alex Gough, Engineer, Chrome Platform Security TeamChrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running...
How we fought bad apps and developers in 2020
Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google PlayProviding safe experiences to billions of users and millions of Android developers has been one of the highest priorities for Google Play for many years. Last year...
A New Standard for Mobile App Security
Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy TeamWith all of the challenges from this past year, users have become increasingly dependent on their mobile devices to create fitness routines, stay connected with loved ones, work...
Rust in the Linux kernel
Posted by Wedson Almeida Filho, Android Team In our previous post, we announced that Android now supports the Rust programming language for developing the OS itself. Related to this, we are also participating in the effort to evaluate...
Rust in the Android platform
Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++...
Announcing the Android Ready SE Alliance
Posted by Sudhi Herle and Jason Wong, Android Team When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also...
Announcing the winners of the 2020 GCP VRP Prize
Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for...
Google, HTTPS, and device compatibility
Posted by Ryan Hurst, Product Management, Google Trust ServicesEncryption is a fundamental building block when you’re on a mission to organize the world’s information and make it universally accessible with strong security and privacy. This is why a little...
A Spectre proof-of-concept for a Spectre-proof web
Posted by Stephen Röttger and Artur Janc, Information Security EngineersThree years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers...
Continuing to Raise the Bar for Verifiable Security on Pixel
Posted by Eugene Liderman, Android Security and Privacy TeamEvaluating the security of mobile devices is difficult, and a trusted way to validate a company’s claims is through independent, industry certifications. When it comes to smartphones one of the most...
#ShareTheMicInCyber: Brooke Pearson
Posted by Parisa Tabriz, Head of Chrome Product, Engineering and UX In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a profile series that aims to elevate and celebrate the...
Fuzzing Java in OSS-Fuzz
Posted by Jonathan Metzman, Google Open Source Security TeamOSS-Fuzz, Google’s open source fuzzing service, now supports fuzzing applications written in Java and other Java Virtual Machine (JVM) based languages (e.g. Kotlin, Scala, etc.). Open source projects written in JVM...
Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity
Posted by Kim Lewandowski & Dan Lorenc, Google Open Source Security TeamOne of the fundamental security issues with open source is that it’s difficult to know where the software comes from or how it was built, making it susceptible to...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SAP Patches High-Severity Flaws in Business One, NetWeaver Products
SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
read more
South Korea orders urgent review of energy infrastructure cybersecurity
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
Ransomware Gang Threatens Release of DC Police Records
A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...
