Source: www.securityweek.com – Author: Eduard Kovacs
Google Cloud announced on Tuesday that moving forward it will assign CVE identifiers to critical vulnerabilities found in its products, even if they do not require the user to deploy patches or take other action.
Critical Google Cloud flaws that will receive CVEs will have advisories published on the Google Cloud Security Bulletins page.
A tag named ‘exclusively-hosted-service’ will indicate that customers do not need to take any action for a specific vulnerability.
The expansion of its CVE program is part of its commitment to transparency, Google Cloud said.
The cloud giant recently announced a new Vulnerability Reward Program (VRP) with bug bounties of up to $100,000 for security issues found in its products and services.
“While the Google Cloud VRP has a specific focus on strengthening Google Cloud products and services, and brings together our engineers with external security researchers to further the security posture for all our customers, CVEs enable us to help our customers and security researchers track publicly-known vulnerabilities,” Google Cloud representatives said in a blog post.
Google Cloud joins Microsoft, which has been assigning CVE identifiers and publishing advisories for cloud vulnerabilities that do not require any user interaction since June 2024.
Amazon Web Services (AWS) has also been issuing CVE identifiers for vulnerabilities affecting its cloud products and services.
Advertisement. Scroll to continue reading.
Cloud security giant Wiz has been maintaining a database of cloud vulnerabilities since 2022. The database currently stores information on nearly 200 security issues found between 2008 and present day.
The CVE Program recently turned 25. There are currently over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers were assigned as of October 2024.
Related: CISA Announces CVE Enrichment Project ‘Vulnrichment’
Related: CVE and NVD – A Weak and Fractured Source of Vulnerability Truth
Related: Dependency Confusion Could Have Led to RCE in Google Cloud Platform
Related: Google Cloud Rolling Out Mandatory MFA for All Users
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- China’s Volt Typhoon Rebuilding Botnet
- Form I-9 Compliance Data Breach Impacts Over 190,000 People
- Amazon Employee Data Leaked by Hacker
- IP Spoofing Attack Tried to Disrupt Tor Network
- Cyberattack Cost Oil Giant Halliburton $35 Million
- Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients
- Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims
- Nokia Says Impact of Recent Source Code Leak Is Very Limited
Latest News
- Citrix, Cisco, Fortinet Zero-Days Among 2023s Most Exploited Vulnerabilities
- Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories
- Ivanti Patches 50 Vulnerabilities Across Several Products
- CISO Forum Virtual Summit is Today
- High-Severity Vulnerabilities Patched in Zoom, Chrome
- Chinese Hackers Target Tibetan Websites in Malware Attack, Cybersecurity Group Says
- Citrix, Fortinet Patch High-Severity Vulnerabilities
- ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.
The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
Original Post URL: https://www.securityweek.com/google-cloud-to-assign-cves-to-critical-vulnerabilities/
Category & Tags: Cloud Security,cloud security,CVE,Google Cloud – Cloud Security,cloud security,CVE,Google Cloud
Views: 0
