Google recently unveiled three initiatives to help the security community better mitigate cyber risk and support the vulnerability management ecosystem. One of these initiatives is the Hacking Policy Council which consists of “like-minded organizations and leaders” to help advocate for new policies and regulations to support best practices for vulnerability management and disclosure. Google is also launching the Security Research Legal Defense Fund to provide legal defense for independent security researchers who make contributions to good-faith security research. Finally, this tech giant is offering users greater transparency when it comes to vulnerability exploitation and patch adoption across their products.
The Hacking Policy Council is spearheaded by Google’s Security Policy Head, Charley Snyder. Snyder believes in working together with other vendors and regulating bodies in order to improve the security of the overall ecosystem, and protect users from potential vulnerabilities. Google is collaborating with Harley Gieger, a Cybersecurity Counsel from Venable LLP. His insight is crucial in helping to create a legal environment which encourages vulnerability disclosure and ethical hacking.
The Security Research Legal Defense Fund is Google’s commitment to setting aside an undisclosed funding amount to provide legal defense for independent security researchers who contribute to ethical vulnerability disclosure. With the fund, legal liabilities due to good-faith security research will be covered.
Google’s final initiative gives users more transparency when it comes to vulnerability exploitation and patch adoption across the company’s product ecosystem. Charley Snyder stated that “Users should know when they have been exploited, particularly when we can arm them with knowledge which can help them take steps to better protect themselves.” By making an explicit change to their vulnerability disclosure policy, Google is publicly disclosing when vulnerabilities in any of their products have been exploited.
Google is devoted to helping its users stay safe by giving them access to the latest security tools and providing them with detailed information about their security. By introducing these three new initiatives, the company is ensuring their commitment to the security community and helping them create a more secure environment for everyone. It is certainly very encouraging to see a tech giant like Google taking steps to make sure their vulnerable users are well protected.
