[BSL2024] Inside Google’s Discovery & Remediation of a Critical CPU Vulnerability - Yousif Hussin
HTML-код
- Опубликовано: 28 ноя 2024
- Inside Google’s Discovery & Remediation of a Critical CPU Vulnerability
Just as Vulnerability Research is an important area of focus at Google, so is Vulnerability Response to critical and complex vulnerabilities including novel discoveries affecting the CPUs. These responses not only safeguards the security of Google’s products and users but also extends its reach to millions of devices connected to the Internet, in certain instances, including the case I’m going to share here in details.
In this talk, I’d like to go through a recent incident at Google, in deep technical details, in which I was the global lead. The incident involves the discovery by a Google’s security researcher of a critical CPU vulnerability (Reptar) and the extensive remediation efforts across all of Google’s products and systems.
The incident presented a confluence of intriguing technical challenges and unique operational complexities. I plan to elaborate on the strategies employed by Google to address these challenges effectively, emphasizing the time constraints and pressures under which we operated.
About the Speaker:
I’m a Security Engineer at Google, currently specializing in remediating critical software vulnerabilities and I lead global teams in the engagements addressing vulnerabilities in all of Google products. I’m also part of the team managing Google’s Bughunter Vulnerability Rewards Program.
I’ve been a security professional since 2007, and in the past 8 years I’ve been mostly focusing on development of security tooling, incident response, forensics, malware analysis and working with developers in how to address security vulnerabilities. I worked at Apple, Microsoft, Meta and now Google.
![[BSL2024] When Malware Becomes Creative - Dimitrios Valsamaras and José Leitão](http://i.ytimg.com/vi/kxQmvWj_E5c/mqdefault.jpg)
![[BSL2024] When Malware Becomes Creative - Dimitrios Valsamaras and José Leitão](/img/tr.png)
![[BSL2024] [KEYNOTE] AI WILL TAKE UR JOB! - Pedro Ribeiro](http://i.ytimg.com/vi/0zAs7wjUhio/mqdefault.jpg)
![[BSL2024] Attacking & Defending SAP Systems - Jordan Santarsieri](http://i.ytimg.com/vi/GbIeRav7YkI/mqdefault.jpg)
![[BSL2024] The GenAI Cybercrime Armageddon - Hype or Fiction ? - Candid Wüest](/img/1.gif)