Google security and product safety

Google’s security philosophy

As a provider of software and services for many users, advertisers and publishers on the Internet, we recognise how important it is to help protect your privacy and security. We understand that secure products are instrumental in maintaining the trust that you place in us and strive to create innovative products that both serve your needs and operate in your best interest.

This includes everybody: The people who use Google services (thank you all!), the software developers who make our applications and the external security enthusiasts who keep us on our toes. These combined efforts go a long way to making the Internet safer and more secure.

For the latest news and insights from Google on security and safety on the Internet, visit our online security blog.

Reporting security issues

We’ve just launched a new vulnerability reward programme find out how you can contribute!

If you are a Google user and have a security issue to report regarding your personal Google account, please visit our contact page. This includes password problems, login issues, spam reports, suspected fraud and account abuse issues.

If you believe that you have discovered a vulnerability in a Google product or have a security incident to report, email Please include a detailed summary of the issue, including the name of the product (e.g. Gmail) and the nature of the issue that you have discovered. Make sure that you include an email address where we can reach you, in case we need more information. Upon receipt of your message, we will send an automated reply that includes a tracking identifier. We value the security of Google services, as well as your privacy, when you report vulnerabilities or incidents to us. If you feel the need, please use our public key to encrypt your communications with us when sending emails to

We believe that privately notifying vendors about vulnerabilities in their software and setting reasonable disclosure deadlines in accordance with the severity of the bugs is good for the overall security of Internet users. For more of our thoughts about vulnerability disclosure, read here.

Working together helps make the online experience safer for everyone.

We take security issues seriously and will respond swiftly to fix verifiable security issues. Some of our products are complex and take time to update. When properly notified of legitimate issues, we’ll do our best to acknowledge your emailed report, assign resources to investigate the issue and fix potential problems as quickly as possible.

We’ve learned that when security is done right, it’s done as a community.

We thank you

People and organisations with an interest in security issues have made a tremendous contribution to the quality of the online experience. On behalf of our millions of users, we would like to acknowledge the following individuals and organisations for their valuable assistance.

Following the creation of the vulnerability rewards programme, we have also developed a new Hall of Fame page, where we will credit future contributions.

For contributions to the Chromium project, on which the Chrome browser is based, visit the Chromium security page.

Sustained support



  • Gabriel Campana
  • Kacper Kwapisz
  • TippingPoint’s Zero Day Initiative
  • Roi Saltzman
  • Michael Schmidt, Compass Security Switzerland
  • Inferno,
  • Jason Carpenter, Chris Rohlf, Eric Monti–Matasano Security
  • Eduardo Vela Nava (sirdarckcat)
  • Mozilla Security
  • Will Dormann of CERT
  • Radoslav (Radi) Vasilev, Cigital
  • Francisco Falcon from CORE Security
  • David Weston and Microsoft Vulnerability Research
  • Fernando Muñoz Sánchez
  • Luis Santana of
  • Aviv Raff
  • Mike Bailey, Foreground Security
  • Isaac Dawson
  • Tokuji Akamine, Symantec
  • Alessandro Armando, Roberto Carbone, Matteo Grasso, Alessandro Sorniotti with the AVANTSSAR project


  • Finjan
  • Yair Amit, IBM Rational Application Security
  • Rotem Bar
  • Jeremiah Grossman
  • Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Llanos Tobarra Abad with the AVANTSSAR project
  • William Enck, Machigar Ongtang, and Patrick McDaniel, SIIS Laboratory, Penn State University
  • Chris Boyd, FaceTime Communications


  • Johannes Fahrenkrug
  • Richard Forand
  • Bryan Jeffries
  • Hidetake Jo
  • Kwok Yat-Hong (郭逸康)
  • Fraser Howard, Sophos
  • H.D. Moore
  • Wayne Porter, FaceTime Communications
  • Alex Shipp, Messagelabs
  • Castlecops
  • Christian Matthies