Google’s security philosophy

This includes everybody: the people who use Google services (thank you all!), the software developers who make our applications, and the external security enthusiasts who keep us on our toes. These combined efforts go a long way in making the Internet safer and more secure.

For the latest news and insights from Google on security and safety on the Internet, visit our online security blog.

Reporting security issues

If you are a Google user and have a security issue to report regarding your personal Google account, please visit our contact page. This includes password problems, login issues, spam reports, suspected fraud and account abuse issues.

If you believe you have discovered a vulnerability in a Google product or have a security incident to report, go to goo.gl/vulnz to include it in our Vulnerability Reward Program. For Chrome vulnerabilities, use the Chromium bug tracker. Upon receipt of your message we will send an automated reply that includes a tracking identifier. If you feel the need, please use our PGP public key to encrypt your communications with us.

We believe that privately notifying vendors about vulnerabilities in their software, and setting reasonable disclosure deadlines in accordance with the severity of the bugs, is good for the overall security of Internet users. For more of our thoughts about vulnerability disclosure, read here.

Working together helps make the online experience safer for everyone.

We take security issues seriously and will respond swiftly to fix verifiable security issues. Some of our products are complex and take time to update. When properly notified of legitimate issues, we’ll do our best to acknowledge your emailed report, assign resources to investigate the issue and fix potential problems as quickly as possible.