Author Archives: Kaylin Trychon

Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters Are you ready to put your hacking skills to the test? It’s Google CTF time!The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registrati… Continue reading Game on! The 2022 Google CTF is here.→

Posted by Brandon Lum and Oliver Chang, Google Open Source Security TeamThe past year has seen an industry-wide effort to embrace Software Bills of Materials (SBOMs)—a list of all the components, libraries, and modules that are required to build a piec… Continue reading SBOM in Action: finding vulnerabilities with a Software Bill of Materials→

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). We paid a total of $8.7 million in rewards, our highest amount yet. 2021 saw some amazing work … Continue reading Announcing the winners of the 2021 GCP VRP Prize→

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better, encryption becomes ubiquitous on the Web, authentication becomes stronger. But phishing persistently remains… Continue reading Taking on the Next Generation of Phishing Scams→

Posted by Caleb Brown, Open Source Security Team Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. U… Continue reading The Package Analysis Project: Scalable detection of malicious open source packages→

Posted by Tom Hennen, software engineer, BCID & GOSST In our last two posts (1,2) we introduced a fictional example of Squirrel, Oppy, and Acme learning to SLSA and covered the basics and details of how they’d use SLSA for their organizations…. Continue reading How to SLSA Part 3 – Putting it all together→

Posted by Tom  Hennen, software engineer, BCID & GOSST In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we’ll c… Continue reading How to SLSA Part 2 – The Details→

Posted by Tom Hennen, Software Engineer, BCID & GOSST One of the great benefits of SLSA (Supply-chain Levels for Software Artifacts) is its flexibility. As an open source framework designed to improve the integrity of software packages and inf… Continue reading How to SLSA Part 1 – The Basics→

Posted by Asra Ali and Laurent Simon, Google Open Source Security Team (GOSST)Many of the recent high-profile software attacks that have alarmed open-source users globally were consequences of supply chain integrity vulnerabilities: attackers gained co… Continue reading Improving software supply chain security with tamper-proof builds→

Posted by Medha Jain, Program Manager, Devices & Services Security At Google, we constantly invest in security research to raise the bar for our devices, keeping our users safe and building their trust in our products. In 2021, we published Go… Continue reading Find and $eek! Increased rewards for Google Nest & Fitbit devices→