Google, founded by Larry Page and Sergey Brin in 1998, is the world’s largest search engine with its 92% market share. Google offers more than 50 services such as Gmail, Chrome, and the Google Cloud Platform.

One of Google’s many services is Android, an operating system designed for mobile devices. Every year, hundreds of security vulnerabilities are remediated on over three billion Android devices. Google’s Android Security Bulletin communicates information on vulnerabilities to Google’s partners and is matched to reports in the National Vulnerability Database (NVD). These data sets are critical to security experts, but additional effort is required to collect and combine the data from both sources.

Our Android Vulnerability Database consolidates information from the bulletins and data from the NVD in one place and enables users to access that information via the web.

Our tool illustrates metrics that are found in the databases in an attractive, easy-to-use format so experts can survey vulnerabilities with ease.

The most important metric is the base score which indicates the overall severity of the vulnerability and helps security experts to prioritize certain vulnerabilities as they develop fixes.

Security experts can access the consolidated data set via the web-facing application. They can retrieve information with prepared requests or tailor their requests to suit their specific needs.

The app also visualizes the data for users, helping them to analyze the information in an intuitive way, enabling Google employees to solve Android vulnerabilities easier than ever before.

Our tool is open source, hosted on Google Cloud Platform, and utilizes ETL methodology to manage the data. API calls are then used to retrieve data from cloud SQL databases.