Google’s security philosophy

As a provider of software and services for many users, advertisers, and publishers on the Internet, we recognize how important it is to help protect your privacy and security. We understand that secure products are instrumental in maintaining the trust you place in us and strive to create innovative products that both serve your needs and operate in your best interest.

This site provides information for developers and security professionals. If you're interested in finding out how to stay safe online, check out the Good To Know site.

This includes everybody: the people who use Google services (thank you all!), the software developers who make our applications, and the external security enthusiasts who keep us on our toes. These combined efforts go a long way in making the Internet safer and more secure.

For the latest news and insights from Google on security and safety on the Internet, visit our online security blog.

Reporting security issues

If you are a Google user and have a security issue to report regarding your personal Google account, please visit our contact page. This includes password problems, login issues, spam reports, suspected fraud and account abuse issues.

If you believe you have discovered a vulnerability in a Google product or have a security incident to report, go to goo.gl/vulnz to include it in our Vulnerability Reward Program. For Chrome vulnerabilities, use the Chromium bug tracker. Upon receipt of your message we will send an automated reply that includes a tracking identifier. If you feel the need, please use our PGP public key to encrypt your communications with us.

We believe that privately notifying vendors about vulnerabilities in their software, and setting reasonable disclosure deadlines in accordance with the severity of the bugs, is good for the overall security of Internet users. For more of our thoughts about vulnerability disclosure, read here.

Working together helps make the online experience safer for everyone.

We take security issues seriously and will respond swiftly to fix verifiable security issues. Some of our products are complex and take time to update. When properly notified of legitimate issues, we’ll do our best to acknowledge your emailed report, assign resources to investigate the issue and fix potential problems as quickly as possible.