Dive Brief:
- Google says Symantec Corporation failed to properly validate at least 30,000 digital certificates over the last several years. In response, Google plans to gradually remove trust in old Symantec SSL certificates and reduce the accepted validity period of newly issued Symantec certificates, according to a Google Chrome announcement. Google has been investigating Symantec Corporation since January 19.
- In the announcement, Google engineers said they "no longer have confidence in the certificate issuance policies and practices of Symantec," and those practices have "created significant risk for Google Chrome users."
- Symantec fell short in a number of areas, including allowing at least four parties access to its infrastructure to issue certificates and failing to oversee those capabilities "as required and expected," according to Google. And "when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them," according to Google. Symantec called Google’s allegations "exaggerated and misleading."
Dive Insight:
The rise of cybercrime has made digital certificates standard operating procedure and a best practice for many websites. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates authenticate web servers and enable encrypted communication between web server and web browser over a network, which protects companies from eavesdropping, content hijacking, cookie stealing and censorship.
If the security of such certificates is now under question, it could generate a lot of concern for many, many businesses. Nearly half of all websites support HTTPS and Google shows favor toward secured websites in its search results.
For Symantec, Google downgrading trust in the company is a blight on its reputation. Symantec is one of the largest providers of digital certificates, accounting for 42% of the certificate validations on the market, according to Mozilla data, Ars Technica reports.
Symantec has struggled in recent years, but is currently working to make a comeback. The company recently bought Blue Coat in hopes that its more modern approaches to security could help reinvigorate Symantec’s offerings. Now it appears the company may have a bigger issue to deal with in protecting its reputation.