EP109 How Google Does Vulnerability Management: The Not So Secret Secrets! - podcast episode cover

EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!

Cloud Security Podcast by Google
Feb 20, 202328 minSeason 1Ep. 109
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Guest: 

  • Ana Oprea, Staff Security Engineer, European Lead of Vulnerability Coordination Center @ Google

Topics:

  • What is the scope for the vulnerability management program at Google? Does it cover  OS, off-the-shelf applications, custom code we wrote … or all of the above?

  • Our vulnerability prioritization includes a process called “impact assessment.” What does our impact assessment for a vulnerability look like?

  • How do we prioritize what to remediate? How do we decide on the speed of remediation needed?

  • How do we know if we’ve done a good job? When we look backwards, what are our critical metrics (SLIs and SLOs) and how high up the security stack is the reporting on our progress?

  • What of the “Google Approach” should other companies not try to emulate? Surely some things work because of Google being Google, so what are the weird or surprising things that only work for us?

Resources:

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
EP109 How Google Does Vulnerability Management: The Not So Secret Secrets! | Cloud Security Podcast by Google - Listen or read transcript on Metacast