Google Chrome is rapidly winning the hearts and minds of tech enthusiasts everywhere not just for its blistering speed, but for its unrelenting commitment to security. Saying a browser is secure is easy, but making it so is something completely different. To help keep their developers on track the team has come up with a set of seven core security principles , and the complete list makes for a rather interesting read, and we’ll highlight a few of our favorites after the jump.
First up on the list is “don’t get in the way”. This might sound simple enough, however as Vista’s UAC taught us all too well, enhanced security more often than not comes with strings attached, strings that constantly take over your screen and suck your will to live every time you launch an application. Simply put, Chrome does a great job of this.
Another great principle is “speed matters”. In this case we aren’t referring to Chrome’s legendary rendering speed, rather it pertains solely to response times in dealing with security concerns. Silent automatic background updating is the leading example of this principle in action, and it’s something that is literally changing the industry.
The final principle worth pointing out is “make the web safer for everyone”. In this example the Chrome team points out that it recognizes the power of web standards to help push security issues forward. They quote open source technologies such as sandboxing as examples of this, but a part of me wonders if flash wouldn’t be a better horse to beat on. To this day flash continues to be a huge vulnerability on millions of machines around the world, and HTML5 just might be the cure.
Design for defense in depth, security is a team responsibility, be transparent, and engage the community round out the list, and feel free to cruse on over to the Chromium blog to check out Google’s take on each.