Google Cloud is ramping up its efforts to enhance security and transparency by focusing on vulnerabilities. The company understands the importance of tracking vulnerabilities to safeguard users, businesses, and suppliers.
Recognizing the significance of the Common Vulnerabilities and Exposures (CVE) system in building trust within the IT community, Google Cloud is now taking steps to assign CVEs for Critical vulnerabilities in its products. This initiative will help users quickly identify and address vulnerabilities, streamlining the process of threat elimination.
Under the new approach, Google Cloud will assign CVEs for Critical vulnerabilities in its products, even if customers do not need to take any actions or updates. To clarify such situations, these CVEs will be tagged as “Exclusively-Hosted-Service,” indicating that no customer action is required.
Phil Venables, the Information Security Director at Google Cloud, stressed the importance of transparency and collaborative efforts in eliminating vulnerabilities to combat cybercriminals. The company remains committed to driving innovation and supporting the defender community.
The Cybersecurity Council report highlights the risks associated with inadequate security measures, citing the STORM-0558 incident as an example. This incident exploited fake tokens to gain unauthorized access to organizations’ email accounts, underscoring the need for robust security protocols.
Google Cloud actively engages with the industry through initiatives like Cloud VRP and the publication of CVEs to enhance transparency. By providing customers with greater insights into potential risks, Google Cloud aims to bolster their security posture. Since 2011, Google has issued over 8000 CVEs for its products as an authorized organization.
The recent announcement underscores Google Cloud’s commitment to fostering a culture of openness regarding vulnerabilities. The company continues to publish CVEs on its website alongside security advisories, demonstrating its dedication to enhancing the security of both its own products and external offerings.