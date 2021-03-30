



Royal Hansen, Google’s vice president of security, told the panel that large-scale hacks occur frequently. Hansen believes that big tech companies need to work together in open source security to curb this trend. Google is part of a consortium launched last year aimed at improving open source security.

Large-scale hacks targeting tens of millions of people’s data are on the rise and could increase in the coming years, Google’s Vice President of Security Royal Hansen predicts.

As companies around the world move more of their business online, cybercriminals and state-sponsored spies can attack for profit and surveillance, Hansen said.

“The speed at which everything in our lives is digitized” means that everything is “rewritten, refactored, or evolving.”

In response, Big Tech companies need to work together to ensure that the world’s software is not vulnerable to hacking, he added.

Hansen discussed the epidemic of massive hacks and breaches at a cybersecurity panel hosted on Thursday by Neil Daswani and Moudy Elbayadi, co-authors of a book for which Hansen wrote the preface.

The panel came in the wake of a series of unprecedented hacks. Researchers revealed in December that Russian hackers broke into hundreds of major companies and US government organizations after breaching software company SolarWinds. Separately, a vulnerability in Microsoft’s Exchange Server email software disclosed in March led to a number of cyberattacks last month.

Massive data breaches have increased over the years, with more than 7,000 breaches and more than 4 billion records breached since 2011, according to data collected by the Privacy Rights Clearinghouse.

Hansen argued that one of the most effective ways for big companies to fight hackers is to collaborate on open source software that is safe by default and easy to audit and improve.

“Not all problems can be solved, but if the supply chain is right, most of the problems can be solved,” Hansen said.

As companies increasingly adopt cloud-hosted applications, the vast majority of commercial software products now rely on open source code.

The nature of open source software means that there is no central ownership of shared code. This creates an imbalance in which critical projects that serve as the foundation of the world’s digital infrastructure are maintained by a small number of volunteers, which leads to maintenance issues and security threats.

Hansen argues that if companies help protect open source code, cybercriminals will have fewer ways to compromise code that is incorporated into other products. Security audits of open source projects have discovered serious vulnerabilities in the past. In 2019, security firm Snyk discovered a bug in the open source package Lodash that allowed hackers to access sensitive information on the victim’s network. Over 50,000 open source projects were affected by this vulnerability and subsequently patched.

Hansen said Google is one of dozens of companies, alongside Facebook and Microsoft, participating in the Security Foundation, a non-profit organization founded in 2020 that aims to set the standard for sharing open source findings and security best practices.

