Google Tightens Its Third-Party Security Guidelines

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Google is making an effort to increase its security by expanding its recommended minimum security guidelines for its third-party vendors.

The Minimum Viable Secure Product (MVSP) has been used for years by Google to establish the basic security requirements that businesses and online entities should establish. Following the MVSP guidelines is heavily encouraged for any company attempting to sell products online.

Previously, the MVSP guidelines had a few flaws that held it back from adequately addressing modern concerns. Under them, companies didn’t need to adequately report cybersecurity incidents within a reasonable time frame.

As global cybersecurity attacks have sharply increased over the years, the need for updated global guidelines has become pressing.

The new guidelines include:

  • Companies must respond to reports within a reasonable time frame.
  • Publish regular vulnerability reports. These reports will be responsible for providing legal safety against vulnerabilities, outlining the scope of the company’s security testing, and providing contact details.
  • Develop procedures in line with the new policies.
  • Patch vulnerabilities in products and networks within 90 days of discovery.

In addition, companies will be discouraged from charging for basic security features.

“Charging for basic security features will discourage some individuals or organizations from adopting those features,” writes Forester Principal Analyst Sandy Carielli. “If we want to make products more secure, access to security features cannot be reserved for the wealthiest customers.”

This practice is becoming increasingly popular among companies, which is an overall positive trend for consumer security. Some CEOs are even calling for stakeholders in companies that don’t meet MVSP guidelines to crack down on them. Otherwise, some companies feel very little pressure to spend money on bringing their security protocols up to snuff.

“The more companies that require their vendors to meet MVSP controls, the more vendors that are going to meet those controls,” Carielli said.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."

Leave a Comment