Google Shares Its Security Secrets

Stony Stevenson writes "Google presents a big fat target for would-be hackers and attackers. At the RSA conference Google offered security professionals a look at its internal security systems. Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained how the company handles constant pressure and scrutiny from attackers. In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value.' The program includes mandatory security training for developers, a set of in-house security libraries, and code reviews by both Google developers and outside security researchers."

More PHD Cowbell

[mfh]

Google fights scrutiny with scrutiny (and by having more PHDs than you).

Re:More PHD Cowbell

[jgarra23]

Whoever modded me troll must have a PhD & work for Google :)

Good luck selling those tiny little ads!!

It's that darn preset target

[Dekortage]

Google presets a big fat target for would-be hackers and attackers.

Must be a new Google appliance. I'm glad it is preset, and does not need any end-user configuration.

In any case, I commute on the train with Google guys in NY. They use their laptops to work on the train, but have those little wireless security devices that generate random passwords for them when they want to log in, so their connection is fully encrypted.

Re:It's that darn preset target

[BlowChunx]

"Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

"Those who sacrifice security for liberty deserve neither, either." -- BlowChunx

Re:It's that darn preset target

[jollyreaper]

"Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

"Those who sacrifice security for liberty deserve neither, either." -- BlowChunx "Those who sacrifice virgins to volcanoes are missing the point of what virgins are for." -- Me

Re:Fluff Acticle

[Draped+Crusader]

No, The Daily Show is fake journalism at its best

Pathetic Article

[Safiire+Arrowny]

That article literally had no content whatsoever. In fact I think it was so content free that I might know less about how Google does security now.

Is there a page two I'm missing?

Re:Fluff Acticle

I thought cable news was fake journalism at its best.

Re:Security secrets?

[Peter+Cooper]

Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained to attendees at the RSA conference how the company handles constant pressure and scrutiny from attackers.

I guess Google shared some secrets, and that's the news. Not that we get to read the secrets. Still, this is Slashdot.. :)

Re:The advantage of being an internet company

[mrsteveman1]

Netcraftsayswhat?

NCC 1701G

[mrsteveman1]

"Scott Petry, director of Google's Enterprise"

The big secret? apparently google is developing a starship

Re:Security secrets?

[street+struttin']

TFA is a little scant on "security secrets." Well duh. They're secrets.

Re:Any competently run site is pingable.

[jbpro]

Any competently run site is pingable.

Result of trying to ping slashdot.org:

$ ping slashdot.org

PING slashdot.org (66.35.250.150) 56(84) bytes of data.

--- slashdot.org ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8010ms

Re:Any competently run site is pingable.

[MadMidnightBomber]

Hmmm... where's BadAnalogyGuy when you need him? OK, look, blocking ping is like saying that you've seen a guy killed by an Isuzu truck, so you think you can prevent all fatal accidents by banning Isuzu trucks from the highway.

Ooh, ooh, and turning off all ICMP, hence killing PMTU discovery, is like taking the number off your front door to stop your house getting burgled and then wondering why you aren't receiving as much snail mail as you used to.