One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8418788 |
| Date de publication | 2023-11-20 11:49:31 (vue: 2023-12-03 11:07:06) |
| Titre | Deux ans plus tard: une base de référence qui fait grimper la sécurité de l'industrie Two years later: a baseline that drives up security for the industry |
| Texte | Royal Hansen, Vice President of Privacy, Safety and Security Engineering, GoogleNearly half of third-parties fail to meet two or more of the Minimum Viable Secure Product controls. Why is this a problem? Because "98% of organizations have a relationship with at least one third-party that has experienced a breach in the last 2 years."In this post, we\'re excited to share the latest improvements to the Minimum Viable Secure Product (MVSP) controls. We\'ll also shed light on how adoption of MVSP has helped Google improve its security processes, and hope this example will help motivate third-parties to increase their adoption of MVSP controls and thus improve product security across the industry.About MVSPIn October 2021, Google publicly launched MVSP alongside launch partners. Our original goal remains unchanged: to provide a vendor-neutral application security baseline, designed to eliminate overhead, complexity, and confusion in the end-to-end process of onboarding third-party products and services. It covers themes such as procurement, security assessment, and contract negotiation. Improvements since launchAs part of MVSP\'s annual control review, and our core philosophy of evolution over revolution |
| Envoyé | Oui |
| Condensat | 2021 2022 about above accept access achievability acknowledgementsgoogle across acs addendum additional adopting adoption aligning alongside also and/or anna annual anything application are areas around assessment available balance bar based baseline basic because benefited between breach broaden broader bug build but can cases centre chain changes chris chubirka cisa clearly comes common community complete complexity computing conference confusion continue continuous contract contracting contributed contributions control controls core costs covers create cycle data decision design designed developed dirk discouraging discuss discussions diversify don done driven drives driving earlier eliminate embedding end engineering enhance ensure ensuring evolution example excited expand expanded expect experienced expertise external fail faster features feedback foundation from gabor get global goal google googlenearly group groups growing grown guidance göhmann had half hansen has have help helped helping highlightsafter hope how hunters hupa impact implementing importance improve improved improvement improvements inception include: including increase increased increasing industry information initial inline input integrate integrity international invested invitation involved its john kaan key kivilcim kurucz last later later: latest launch launchas launched launching least less level leveled life light like looked maintains making manage management maturity meet members mentioned michele minimum more motivate mvsp mvspin mvspsince nations negotiation negotiations neutral next number observations observed october onboarding one opportunity organizational organizations original out over overhead own part parties partners party perspective phases philosophy please post posture present president principles privacy problem process processes procurement product products program protect protection provide publicly raise reach reduction reflect relationship remains reporting required requirements result review reviewing revolution riley risk royal safeguards safety same secure security see seen select services sets share shed significantly since slsa software solid some sought spainhow stand streamlined strong success such supply supported template than thank them themes these third those through thus time true two unchanged: unicc united updated use uses using valencia vendor viable vice voices vulnerability what when who why wider will work workflows working works would years you your |
| Tags | Vulnerability Conference |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.