Skip to main content

Blockchain may not be the answer to security worries, Google chief says

(Image credit: Image Credit: Zapp2Photo / Shutterstock)

During the start of this year's Black Hat USA conference in Las Vegas, Director of Engineering and head of Project Zero at Google, Parisa Tabriz shared her insights from working on the search giant's bug-hunting team and the push to label non-HTTPS websites as insecure.

Tabriz explained how difficult it was to keep her team motivated while working to secure code and protect systems while leading Project Zero. She stressed the need to celebrate successes regularly as a means of encouraging her staff to continue to get things done.

During her speech, Tabriz also cautioned the audience to avoid being distracted by fads such as blockchain, saying:

“Blockchain is not going to solve security problems. We have made great strides in the past decade, but the threat landscape is becoming increasingly complex and our current approach is insufficient.” 

To further emphasize her point, Tabriz discussed Google's four-year project to have its Chrome browser label non-HTTPS sites as insecure. Although there was a great deal of pushback when the project was first announced, the team was able to make it a reality by setting out clear goals and working together to get management to buy into the idea.

Tabriz also noted how setting firm and clearly defined deadlines has been instrumental to Project Zero's success. Project Zero has consistently enforced a 90-day disclosure rule in which it publicly discloses the details of a vulnerability exactly three months after it first informs a vendor of a vulnerability. This has led to faster security bug fixes across the industry and has caused a shift from the long delays for patches of the past.

For those looking to learn more, Tabriz's hour-long keynote (opens in new tab) is available to watch and it offers a rare glimpse at how Google operates internally.

Image Credit: Zapp2Photo / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.