Google announced this week it will flag all HTTP websites "Not Secure" later this summer in hopes of fostering a more secure web.
Just by the nature of its dominant position on the network, Google has as much power as almost any organization to influence the security of the web. The company has used that power in a variety of ways over the years, from providing its Safe Browsing API to other browser vendors to making SSL the default connection for its search, email, and other services.
For many years, the web browser has been the most dangerous piece of software on a computer. They have blindly trusted the content served to them by virtually any site, allowed users to be hit by all manner of malware and drive-by downloads and generally been that friend you don’t want to follow down a sketchy side street.
As buzz mounts over the newly discovered and yet-to be disclosed high severity OpenSSL vulnerability, many may be wondering when the seemingly endless stream of web vulnerabilities will end. Unfortunately, that time likely won’t come soon.