May 18, 2022

Privileged pod escalations in Kubernetes and GKE

Posted by GKE and Anthos Platform Security Teams  At the KubeCon EU 2022 conference in Valencia, security researchers from Palo Alto Network...
May 11, 2022

I/O 2022: Android 13 security and privacy (and more!)

Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy Team Every year at I/O we share the latest on privacy and secu...

Taking on the Next Generation of Phishing Scams

Posted by Daniel Margolis, Software Engineer, Google Account Security Team   Every year, security technologies improve: browsers get better ...
April 28, 2022

The Package Analysis Project: Scalable detection of malicious open source packages

Posted by Caleb Brown, Open Source Security Team  Despite open source software’s essential role in all software built today, it’s far too ea...
April 27, 2022

How we fought bad apps and developers in 2021

Posted by Steve Kafka and Khawaja Shams, Android Security and Privacy Team Providing a safe experience to billions of users continues to ...
April 14, 2022

How to SLSA Part 3 - Putting it all together

Posted by Tom Hennen, software engineer, BCID & GOSST  In our last two posts ( 1 , 2 ) we introduced a fictional example of Squirrel, Op...
April 13, 2022

How to SLSA Part 2 - The Details

Posted by Tom  Hennen, software engineer, BCID & GOSST  In our last post we introduced a fictional example of Squirrel, Oppy, and Acme ...
April 12, 2022

How to SLSA Part 1 - The Basics

Posted by Tom Hennen, Software Engineer, BCID & GOSST  One of the great benefits of SLSA ( Supply-chain Levels for Software Artifacts ) ...