Google, the biggest search engine in the world, recently revealed a number of new cybersecurity initiatives. These initiatives are meant to improve the vulnerability management ecosystem and make vulnerabilities harder to exploit. Incomplete fixes from vendors are another source of security risk, and many of the zero-day flaws exploited in the field are modified versions of flaws that have already been fixed.
Addressing the root cause of the vulnerabilities and prioritizing existing safe software development practices are required to eliminate entire classes of risks and avoid potential attack vectors. A Hacking Policy Council will be formed by Google, Bugcrowd, HackerOne, Intel, Intigriti, and Luta Security to “ensure new policies and regulations support best practices for vulnerability management and disclosure.”
Moreover, Google said in a statement:
Zero-day vulnerabilities typically make the news, but the real story is that risks still exist even after they’ve been found and fixed. These risks include OEMs taking too long to adopt fixes, patch testing problems, problems with end-user updates, and more.
Google Rolls out Some New Cybersecurity Projects
Google made it clear that it is committed to telling the public about events whenever it finds proof of active exploitation of flaws in any of its products. The internet giant also revealed the creation of a Security Research Legal Defense Fund. The fund will give immediate legal help to people who do good-faith research to find vulnerabilities and report them in a way that improves cybersecurity.
The company says that the goal is to get out of the “doom loop” of vulnerability patching and threat mitigation by “focusing on the fundamentals of secure software development, good patch hygiene, and designing for security and ease of patching from the start.”
Google’s most recent security initiative focuses on the need to look beyond zero-day vulnerabilities by making it hard to exploit them in the first place, making sure known vulnerabilities are patched quickly, setting up policies to deal with product life cycles, and letting users know when products are being actively exploited.
It also shows how important it is to apply secure-by-design concepts at every stage of the software development lifecycle.