top | item 47166190

(no title)

I think this is making at least some waves in google. I literally just got an email from them with the subject "[Action Advised] Review Google Cloud credential security best practices"

A slew of recommendations, one of them being:

Disable Dormant Keys: Audit your active keys and decommission any that show no activity over the last 30 days.

(Although I don't think this even addresses the underlying issue)

discuss

andrekandre|3 days ago

  > "[Action Advised] Review Google Cloud credential security best practices"

  > (Although I don't think this even addresses the underlying issue)

sounds like they want to have customers be responsible instead of fixing it themselves ...