
Today, Google unveiled three new initiatives designed to support the vulnerability management ecosystem and help the security community better mitigate cyber risk.

New support for vulnerability management

One initiative, the Hacking Policy Council, will bring together a group of “like-minded organizations and leaders” to advocate for new policies and regulations to support best practices for vulnerability management and disclosure, without undermining user security. 

“Our users don’t just use Google products, they use a variety of products and services which are interconnected and interdependent. So protecting our users means working to improve the security of the overall ecosystem. This includes working with other vendors as well as governments to ensure risk from vulnerabilities can be mitigated faster and more effectively,” said Charley Snyder, head of security policy at Google. 

According to Harley Geiger, cybersecurity counsel at Venable LLP, the Hacking Policy Council will look toward “creating a more favorable legal environment for vulnerability disclosure and management.” This includes ethical hacking, bug bounties and penetration testing.



Defending defenders, informing users

Another initiative, the Security Research Legal Defense Fund, will set aside an undisclosed amount of funding to support the legal defense of independent security researchers who contribute to good-faith security research. The fund is designed to protect researchers from legal liabilities arising from ethical vulnerability disclosure.

Google’s final initiative committed the organization to offering users greater transparency over vulnerability exploitation and patch adoption across its own product ecosystem. 

“We think users should know when they have been exploited, particularly when we can arm them with knowledge which can help them take steps to better protect themselves. We’ve always prioritized this transparency, but we are now making an explicit change to our vulnerability disclosure policy to commit to publicly disclose when we have evidence that vulnerabilities in any of our products have been exploited,” Snyder said.
