Slashdot Mirror


Google Shares Its Security Secrets

Stony Stevenson writes "Google presents a big fat target for would-be hackers and attackers. At the RSA conference Google offered security professionals a look at its internal security systems. Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained how the company handles constant pressure and scrutiny from attackers. In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value.' The program includes mandatory security training for developers, a set of in-house security libraries, and code reviews by both Google developers and outside security researchers."

8 of 106 comments

  1. More PHD Cowbell by mfh · · Score: 5, Funny

    Google fights scrutiny with scrutiny (and by having more PHDs than you).

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:More PHD Cowbell by jgarra23 · · Score: 5, Funny

      Whoever modded me troll must have a PhD & work for Google :)

      Good luck selling those tiny little ads!!

  2. Code Reviews and Coding Conventions by Starrk · · Score: 5, Insightful

    How many buffer overrun exploits have been found in other people's software because the coders are just lazy? Google also tries to prevent this by explicit rules that everyone must follow no matter what: for example, you are not allowed to check in code using sprintf instead of snprintf.

    A little thing to be sure... until you realize that it's one of many such rules, and they actually are followed.
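The sprintf-versus-snprintf rule from the comment above, as an added example that is not part of the thread and not Google's code: `snprintf` only bounds the write, so the caller still has to check its return value to catch silent truncation. The helper names `format_checked` and `build_profile_path` and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread or any Google library):
 * formats into dst and reports truncation instead of overflowing.
 * Returns 0 on success, -1 on encoding error or if the output did not fit. */
int format_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || cap == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);

    /* vsnprintf returns the length the full output would have had,
     * so n >= cap means the result was cut short. */
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';  /* fail closed: never hand back a partial string */
        return -1;
    }
    return 0;
}

/* Constructed sample: builds "/home/<user>/.profile" into the caller's buffer. */
int build_profile_path(char *out, size_t cap, const char *user)
{
    return format_checked(out, cap, "/home/%s/.profile", user);
}

int main(void)
{
    char path[24];
    /* Constructed inputs: one that fits, one that would overflow with sprintf. */
    const char *users[] = { "alice", "a_very_long_constructed_username" };
    for (size_t i = 0; i < 2; i++) {
        if (build_profile_path(path, sizeof path, users[i]) == 0)
            printf("ok: %s\n", path);
        else
            printf("rejected: input too long for %zu-byte buffer\n", sizeof path);
    }
    return 0;
}
```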

  3. Security secrets? by illegibledotorg · · Score: 5, Informative

    TFA is a little scant on "security secrets."

    What is covered is some general security policy and philosophy.

    And here I was, waiting to read all about GIDS and GFirewall. Thanks, ITNews, for instead educating me about archiving security logs for later review!

  4. Re:So, explain ... by Starrk · · Score: 5, Insightful

    Because distinguishing bots from humans is an unsolved problem. Even before Captchas were broken by computers, there was an easier solution:

    If you are stuck on a Captcha or equivalent, spam people, pretend the Captcha is yours, and offer free porn to anyone who solves it.

    Preventing this is virtually impossible.

  5. Re:It's that darn preset target by illegibledotorg · · Score: 5, Insightful

    FWIW, their connection isn't any more encrypted than a standard VPN.

    The only part of the connection that is "more secure" is the authentication phase, since they had to use two factors to log in (their token code and their password).

    See Two-factor Authentication

  6. Re:It's that darn preset target by jollyreaper · · Score: 5, Funny

    "Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

    "Those who sacrifice security for liberty deserve neither, either." -- BlowChunx

    "Those who sacrifice virgins to volcanoes are missing the point of what virgins are for." -- Me
    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  7. NCC 1701G by mrsteveman1 · · Score: 5, Funny

    "Scott Petry, director of Google's Enterprise"

    The big secret? Apparently Google is developing a starship.