Google’s security philosophy

As a provider of software and services for many users, advertisers and publishers on the Internet, we recognize how important it is to help protect your privacy and security. We understand that secure products are instrumental in maintaining the trust you place in us and strive to create innovative products that both serve your needs and operate in your best interest.

This includes everybody: the people who use Google services (thank you all!), the software developers who make our applications, and the external security enthusiasts who keep us on our toes. These combined efforts go a long way in making the Internet safer and more secure.

For the latest news and insights from Google on security and safety on the Internet, visit our online security blog.

Reporting security issues

If you are a Google user and have a security issue to report regarding your personal Google account, please visit our contact page. This includes password problems, login issues, spam reports, suspected fraud and account abuse issues.

If you believe you have discovered a vulnerability in a Google product or have a security incident to report, email security@google.com. Please include a detailed summary of the issue, including the name of the product (e.g., Gmail) and the nature of the issue you discovered. Be sure to include an email address where we can reach you in case we need more information. Upon receipt of your message we will send an automated reply that includes a tracking identifier. We value the security of Google services as well as your privacy when you report vulnerabilities or incidents to us. If you feel the need, please use our public key to encrypt your communications with us when sending email to security@google.com.

We believe that privately notifying vendors about vulnerabilities in their software, and setting reasonable disclosure deadlines in accordance with the severity of the bugs, is good for the overall security of Internet users. For more of our thoughts about vulnerability disclosure, read here.

Working together helps make the online experience safer for everyone.

We take security issues seriously and will respond swiftly to fix verifiable security issues. Some of our products are complex and take time to update. When properly notified of legitimate issues, we’ll do our best to acknowledge your emailed report, assign resources to investigate the issue, and fix potential problems as quickly as possible.

We’ve learned that when security is done right, it’s done as a community.

We thank you

People and organizations with an interest in security issues have made a tremendous contribution to the quality of the online experience. On behalf of our millions of users, we would like to acknowledge the following individuals and organizations for their valuable assistance.

Following the creation of the vulnerability reward program, we have also developed a new Hall of Fame page where we will credit future contributions.

For contributions to the Chromium project, on which the Chrome browser is based, visit the Chromium security page.

Sustained support

• Martin Straka
• Yahoo! Paranoids
• Alex Eckelberry, Sunbelt Software
• Yair Amit, IBM Rational Application Security
• Stephen Sclafani
• Team Cymru
• Masato Kinugawa
• Christian Matthies
• Wladimir Palant, http://adblockplus.org/
• Szymon Gruszecki
• Neal Poole
• Nir Goldshlager, Avnet Information Security Specialist
• Nils Juenemann

2010

• Dr. Marian Ventuneac, http://www.ventuneac.net
• Daniel LeCheminant, Fog Creek Software
• Vincent OLLIVIER
• Yair Amit, IBM Rational Application Security
• Niels Ingen Housz
• Wladimir Palant, http://adblockplus.org/
• Tielei Wang from ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science & Technology, Peking University / China), reported through Secunia
• José Antonio Vázquez González (Telecom. Engineer from Linares/Spain), http://spa-s3c.blogspot.com/
• wushi of team509
• Sergey Glazunov
• kuzzcc
• Aki Helin, OUSPG
• Timothy D. Morgan of VSR
• Billy Rios
• Adam Bacchus, NetSPI
• Hans Schmucker of TWnet
• Pedro Liberal Fernández
• Szymon Gruszecki, Cracow University of Technology, Poland

2009

• Gabriel Campana
• Kacper Kwapisz
• TippingPoint’s Zero Day Initiative
• Roi Saltzman
• Michael Schmidt, Compass Security Switzerland
• Inferno, SecureThoughts.com
• Jason Carpenter, Chris Rohlf, Eric Monti–Matasano Security
• Eduardo Vela Nava (sirdarckcat)
• Mozilla Security
• Will Dormann of CERT
• Radoslav (Radi) Vasilev, Cigital
• Francisco Falcon from CORE Security
• David Weston and Microsoft Vulnerability Research
• Fernando Muñoz Sánchez
• Luis Santana of hacktalk.net
• Aviv Raff
• Mike Bailey, Foreground Security
• Isaac Dawson
• Tokuji Akamine, Symantec
• Alessandro Armando, Roberto Carbone, Matteo Grasso, Alessandro Sorniotti with the AVANTSSAR project

2008

• Finjan
• Yair Amit, IBM Rational Application Security
• Rotem Bar
• Jeremiah Grossman
• Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Llanos Tobarra Abad with the AVANTSSAR project
• William Enck, Machigar Ongtang, and Patrick McDaniel, SIIS Laboratory, Penn State University
• Chris Boyd, FaceTime Communications

Previous

• Johannes Fahrenkrug
• Richard Forand
• Bryan Jeffries
• Hidetake Jo
• Kwok Yat-Hong (郭逸康)
• Fraser Howard, Sophos
• H.D. Moore
• Wayne Porter, FaceTime Communications
• Alex Shipp, Messagelabs
• Castlecops
• Christian Matthies