all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Capslock: What is your code really capable of?

Add to bookmarks
Sept. 15, 2023, 6:10 p.m. | Kimberly Samra (noreply@blogger.com)

Google Online Security Blog security.googleblog.com

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team



When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2021. Supply chain security is a …

code doing enterprise external google import infrastructure infrastructure protection john library miller open source open source security open source security team packages party protection review security security team software team third trust what is

Visit resource

More from security.googleblog.com / Google Online Security Blog

Prevent Generative AI Data Leaks with Chrome Enterprise DLP 1 week, 2 days ago | security.googleblog.com
ai data businesses can chrome +23
How we built the new Find My Device network with user security and privacy in … 2 weeks, 5 days ago | security.googleblog.com
android android security crowdsourced data +13
Google Public DNS’s approach to fight against cache poisoning attacks 4 weeks, 2 days ago | security.googleblog.com
addresses attacks cache cache poisoning +21
Address Sanitizer for Bare-metal Firmware 1 month ago | security.googleblog.com
address android android security area +12
Real-time, privacy-preserving URL protection 1 month, 1 week ago | security.googleblog.com
alex amp attackers browsing +20
Vulnerability Reward Program: 2023 Year in Review 1 month, 2 weeks ago | security.googleblog.com
10 million address android security bug +21
Secure by Design: Google’s Perspective on Memory Safety 1 month, 3 weeks ago | security.googleblog.com
Piloting new ways of protecting Android users from financial fraud 2 months, 2 weeks ago | security.googleblog.com
android android security android users apps +19
Improving Interoperability Between Rust and C++ 2 months, 3 weeks ago | security.googleblog.com
amp android announcement back +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs