Felix Gröbert

Did you know that @EnvoyProxy is covered by our Vulnerablity Reward Program? Check out the details at https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/google_vrp …. We're excited to hear from security researchers about vulnerabilities in this foundational networking data plane component.

Centralized databases with millions of sensitive PIIs WILL be compromised.https://twitter.com/TanyaOCarroll/status/1265254732601397249 …

Crypto-twitter is mad that Zoom is duplicating stuff because of FIPS, but limited algorithm selection is, I find, a more minor cost of FIPS. The “integrity” check, and the eng time spent doing busy-work x times per year for y different platforms is much larger.

Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the @GoogleVRP: https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html …

The most useful thing to me about Tink is that it was grown to solve the needs of shipping software vs. coming from purely a cryptographer’s point of view. I want something that I can give to software engineers and they can easily understand and use.https://twitter.com/XorNinja/status/1262134453918289920 …

Today I got a Google Cloud RCE report submitted, triaged, escalated to P0 S0, and with a "Nice catch!", all in under 5 minutes (Thx @sirdarckcat). @GoogleVRP could it be considered the fastest RCE report ever?

The Google security scanning automation team is looking for a (Java) software engineer in Zürich (no remote work). Ideally the candidate has a background in software development and security. If you are interested, ping me. Please retweet!

We are looking for passionate and talented Security Engineers to join the Google Security Team in Sydney. Come work with us to defend and protect Google's infrastructure: https://careers.google.com/jobs/results/90063819033715398-security-engineer-infrastructure-protection/ …