New from Google Cloud: Assured Open Source Software service | Google Cloud Blog
Andy ChangGroup Product Manager, Google Cloud Security, Security & Privacy There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks. Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a 650% year-over-year increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of
How a simple Linux kernel memory corruption bug can lead to complete system compromise
In this case, reallocating the object as one of those three types didn't seem to me like a nice way forward (although it should be possible to exploit this somehow with some effort, e.g. by using count.counter to corrupt the buf field of seq_file). Also, some systems might be using the slab_nomerge kernel command line flag, which disables this merging behavior. Another approach that I didn't look
BeyondCorp Zero Trust Enterprise Security
BeyondCorp is Google's implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN. BeyondCorp began as an internal Google initiative to e
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Using Chrome's accessibility APIs to find security bugs
Secure by Design: Google’s Perspective on Memory Safety
Pixel Binary Transparency: verifiable security for Pixel devices
GitHub - google/rust-crate-audits
Securely Hosting User Data in Modern Web Applications
New initiatives to reduce the risk of vulnerabilities and protect researchers
GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Announcing GUAC, a great pairing with SLSA (and SBOM)!
GitHub - google/gke-policy-automation: Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices
Building a secure world
Risk and Compliance as Code | Google Cloud
Risk and Compliance as Code delivers solution modern security for digital transformation and modern IT | Google Cloud Blog
Introducing the Secure Open Source Pilot Program
An update on Memory Safety in Chrome
Protecting more with Site Isolation
AllStar: Continuous Security Policy Enforcement for GitHub Projects
GitHub - ossf/allstar: GitHub App to set and enforce security policies
