This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Вміст надано Anton Chuvakin. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Anton Chuvakin або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Схожі до Cloud Security Podcast by Google
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
We help founders make something people want.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Learn how people are using AI at work to collaborate, find focus, and get stuff done—not at some point in the future, but today. Hear founders, researchers, and engineers talk about the problems they’re solving with the help of new and emerging AI tools, and how AI can help you spend more time on the work that matters most.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
Manage episode 355884846 series 2892548
Вміст надано Anton Chuvakin. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Anton Chuvakin або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Guest:
Ana Oprea, Staff Security Engineer, European Lead of Vulnerability Coordination Center @ Google
Topics:
What is the scope for the vulnerability management program at Google? Does it cover OS, off-the-shelf applications, custom code we wrote … or all of the above?
Our vulnerability prioritization includes a process called “impact assessment.” What does our impact assessment for a vulnerability look like?
How do we prioritize what to remediate? How do we decide on the speed of remediation needed?
How do we know if we’ve done a good job? When we look backwards, what are our critical metrics (SLIs and SLOs) and how high up the security stack is the reporting on our progress?
What of the “Google Approach” should other companies not try to emulate? Surely some things work because of Google being Google, so what are the weird or surprising things that only work for us?
Resources:
SRS Book, Chapter 20: Understanding Roles and Responsibilities and Chapter 21: Building a Culture of Security and Reliability
Why Google Stores Billions of Lines of Code in a Single Repository
SRE book and SRE Workbook
“How Google Secures It's Google Cloud Usage at Massive Scale” (ep107)
“Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance” (ep66)
“How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75)
170 епізодів
Поширити
Manage episode 355884846 series 2892548
Вміст надано Anton Chuvakin. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Anton Chuvakin або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Guest:
Ana Oprea, Staff Security Engineer, European Lead of Vulnerability Coordination Center @ Google
Topics:
What is the scope for the vulnerability management program at Google? Does it cover OS, off-the-shelf applications, custom code we wrote … or all of the above?
Our vulnerability prioritization includes a process called “impact assessment.” What does our impact assessment for a vulnerability look like?
How do we prioritize what to remediate? How do we decide on the speed of remediation needed?
How do we know if we’ve done a good job? When we look backwards, what are our critical metrics (SLIs and SLOs) and how high up the security stack is the reporting on our progress?
What of the “Google Approach” should other companies not try to emulate? Surely some things work because of Google being Google, so what are the weird or surprising things that only work for us?
Resources:
SRS Book, Chapter 20: Understanding Roles and Responsibilities and Chapter 21: Building a Culture of Security and Reliability
Why Google Stores Billions of Lines of Code in a Single Repository
SRE book and SRE Workbook
“How Google Secures It's Google Cloud Usage at Massive Scale” (ep107)
“Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance” (ep66)
“How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75)
170 епізодів
Усі епізоди
×
Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.
Схожі до Cloud Security Podcast by Google
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
We help founders make something people want.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Learn how people are using AI at work to collaborate, find focus, and get stuff done—not at some point in the future, but today. Hear founders, researchers, and engineers talk about the problems they’re solving with the help of new and emerging AI tools, and how AI can help you spend more time on the work that matters most.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
