- Google says Symantec Corporation failed to properly validate at least 30,000 digital certificates over the last several years. In response, Google plans to gradually remove trust in old Symantec SSL certificates and reduce the accepted validity period of newly issued Symantec certificates, according to a Google Chrome announcement. Google has been investigating Symantec Corporation since January 19.
- In the announcement, Google engineers said they "no longer have confidence in the certificate issuance policies and practices of Symantec," and those practices have "created significant risk for Google Chrome users."
- Symantec fell short in a number of areas including allowing at least four parties infrastructure access to issue certificate and failed to oversee capabilities "as required and expected," according to Google. And "when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them," according to Google. Symantec called Google’s allegations "exaggerated and misleading."
The rise of cybercrime has made digital certificates a common operating procedure and a best practice for many websites. Secure Socket Layer (SSL) /Transport Security Layer (TLS) certificates encrypt web server and web browser communication over a network, which protects companies from eavesdropping, content hijacking, cookie stealing and censorship.
If the security of such certificates is now under question, it could generate a lot of concern for many, many businesses. Nearly half of all websites support HTTPS and Google shows favor toward secured websites in its search results.
For Symantec, Google downgrading trust in the company is a blight on its reputation. Symantec is one of the largest providers of digital certificates, accounting for 42% of the certificate validations on the market, according to Mozilla data, Ars Technica reports.
Symantec has struggled in recent years, but is currently working to make a comeback. The company recently bought Blue Coat in hopes that that its more modern approaches to security could help reinvigorate Symantec’s offerings. Now it appears the company may have a bigger issue to deal with in protecting its reputation.