Google is offering all security professionals a peek into its security systems. Scott Petry, the director of Google’s Enterprise and founder of security firm Postini, explained to those attending the RSA conference how the firm handles endless pressure and inspection from attackers. In order to keep all its products safe, the search engine giant has assumed a philosophy of ’security as a cultural value’. The programme includes obligatory security training for developers, a set of in-house safety libraries, and code reviews both by Google developers and outside security researchers. Mr. Petry believes that the most important thing that Google security does is to educate. In an era where both online users as well as firms are increasingly relying on outside services and applications, it is becoming almost next to impossible to ‘lock-down’ a company completely.

He further argued not only does the firm educate its employees, but also implements software ‘guard rails’. This warns users when possible hazardous actions are taken and also logs them for administrators to archive later. He also suggested taking a ‘neighbourhood watch’, kind of stance to vulnerability disclosure. As far as Google is concerned, this means sharing more information with researchers and also having the faith in them that they will do the right thing with their discoveries.