A Good Week for Google Cloud Security Engineers

As ridiculous as it is, engineers grow loyalty to various cloud providers. Maybe they’re loyal to a cloud because it was their first cloud, where they built their first app, or because it’s what they use in their day job.

I still think back fondly to a summer spent rationing a $200 DigitalOcean promotion on various Droplets.

Every once in a while news comes along that makes the fanatics of one of the clouds brag to their peers. Google Cloud security engineers had one of those weeks.

Zenbleed is the type of vulnerability that has customers knocking on their provider’s door. As a speculative attack solely in the realm of the provider’s responsibility, folks were anxiously waiting from GCP/Azure/AWS on their response to the news.

Google Cloud had a slam dunk - Google’s own Project Zero team discovered the vulnerability and likely had a head start on patching microcode updates for their fleet prior to public disclosure. No customer action is required, as fixes have already been applied to the Google server fleet for Google Cloud Platform is a reassuring security bulletin.

I think this story reinforces the value of a team like Project Zero. Vulnerability disclosures and CVE assignments are not a short process. Googlers got the news and internal runway first and I’m sure AWS and Azure would have paid top dollar for that headstart.

It was a good week to be a Google Cloud security engineer.