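"Google: Escaping the Doom Loop White Paper (English Version) (9 pages).pdf", shared by a member and available to read online. For more related content, search for "Google: Escaping the Doom Loop White Paper (English Version) (9 pages).pdf (9-page collector's edition)" on 三个皮匠报告.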
Summary
Looking beyond 0days
Driving patch adoption
Holistic lifecycle management
Normalizing transparency
Vendors should disclose when their products are actively exploited
More transparency around patching metrics will diagnose whether current approaches are working
Smart Transparency
Supporting researchers
The importance of intent in legal frameworks
Against gatekeeping
Escaping the doom loop requires more strategic approaches
The industry needs to improve at performing root cause analyses
Focus on the fundamentals
Conclusion

Summary

At Google, we work on security challenges across the full spectrum of cyber attacks from spam and other nuisances which affect billions of people, to sophisticated exploits developed by highly professional teams to target the world's most high-risk users. We don't have the luxury of focusing on one or the other: improving trust online requires that we build mitigations that protect all our users.

Too often, we see public debate around security fixate on high-end threats and zero-day vulnerabilities, and not enough focus on the underlying conditions that enable them. Project Zero, our vendor agnostic security research team that studies zero-day vulnerabilities in hardware and software systems, is focused on "making zero-day hard," but we see a need to develop new approaches to make all exploitation more difficult. Doing so requires working with a broad set of stakeholders: industry, who develop the platforms and services that attackers seek to exploit; researchers, who not only find vulnerabilities but identify and drive mitigations that can close off entire avenues of attack; users, who unfortunately still bear too high of a burden of security; and governments, who create incentive structures that shape the behavior of all these other actors. When we look at the ecosystem, it is clear that there is important work s