Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Cloud technologies are becoming an impregnable fortress for digital attacks.
Google Cloud continues to evolve security and transparency measures, strengthening its vulnerability identification efforts. The company recognizes that vulnerability tracking is critical to protecting users, businesses, and software vendors.
The Common Vulnerabilities and Exposures (CVE) system has become an important tool for building trust in the IT community, allowing users to quickly identify and remediate vulnerabilities. It's a global, standardized system that helps prioritize threat mitigation without spraying it all over.
From now on, the Google Cloud platform will begin to assign CVE for critical vulnerabilities in its products, even if no action or updates are required from customers. To make such cases easier to understand, the records will be tagged with "exclusively-hosted-service", indicating that customers do not need to take any action.
Phil Venables of Google Cloud's chief information security officer said transparency and collaborative action to address entire classes of vulnerabilities are key in the fight against cybercriminals. According to him, the company will continue to innovate and support the community of defenders.
A report by the Cybersecurity Board (CSRB) indicates that lack of proper attention to security leads to serious data breaches, which are especially dangerous for large platforms. An example was the incident with the Storm-0558 group, which used fake tokens to access the email accounts of organizations.
Google Cloud is actively collaborating with the industry through programs like Cloud VRP, as well as through the publication of CVEs to increase transparency. This allows customers to better understand the risks and strengthen their defenses. Since 2011, Google, as one of the authorized organizations, has issued more than 8000 CVEs for its products.
The above announcement underscores Google Cloud's commitment to a culture of vulnerability openness. The company continues to publish CVE on its security bulletin website and aims to strengthen the security of both its own and external products.
Source
Google Cloud continues to evolve security and transparency measures, strengthening its vulnerability identification efforts. The company recognizes that vulnerability tracking is critical to protecting users, businesses, and software vendors.
The Common Vulnerabilities and Exposures (CVE) system has become an important tool for building trust in the IT community, allowing users to quickly identify and remediate vulnerabilities. It's a global, standardized system that helps prioritize threat mitigation without spraying it all over.
From now on, the Google Cloud platform will begin to assign CVE for critical vulnerabilities in its products, even if no action or updates are required from customers. To make such cases easier to understand, the records will be tagged with "exclusively-hosted-service", indicating that customers do not need to take any action.
Phil Venables of Google Cloud's chief information security officer said transparency and collaborative action to address entire classes of vulnerabilities are key in the fight against cybercriminals. According to him, the company will continue to innovate and support the community of defenders.
A report by the Cybersecurity Board (CSRB) indicates that lack of proper attention to security leads to serious data breaches, which are especially dangerous for large platforms. An example was the incident with the Storm-0558 group, which used fake tokens to access the email accounts of organizations.
Google Cloud is actively collaborating with the industry through programs like Cloud VRP, as well as through the publication of CVEs to increase transparency. This allows customers to better understand the risks and strengthen their defenses. Since 2011, Google, as one of the authorized organizations, has issued more than 8000 CVEs for its products.
The above announcement underscores Google Cloud's commitment to a culture of vulnerability openness. The company continues to publish CVE on its security bulletin website and aims to strengthen the security of both its own and external products.
Source
