Good news about global security that almost nobody is talking about. A thread:

Consumer opsec got a quiet upgrade. Google expanded Scam Detection on Pixel phones to France, Italy, Spain, Mexico, Germany, and Japan. Pixel Watch can now auto-lock your phone when you move out of range. Satellite SOS also expanded to Canada, Europe, Alaska, and Hawaii.

Android’s March bulletin fixed a critical no-click remote code execution issue.

GitHub made boring AppSec work easier to own. It added alert assignees for Dependabot. A week later, it added native pre-commit hook updates. That pushes dependency maintenance closer to the default workflow.

Then there is the enforcement side. INTERPOL’s Red Card 2.0 across 16 African countries led to 651 arrests, recovered more than $4.3M, and took down 1,442 malicious IPs, domains, and servers. That is coordinated disruption, not symbolism.

Post-quantum security moved one step closer to deployment. Google used its February quantum security update to issue a call to action, citing NIST’s standards and post-quantum capabilities it says are already rolling out in products.

Underneath all of this, Secure by Design keeps spreading. CISA’s public signer page lists at least 328 companies in the Secure by Design pledge. That is how the default attack surface starts to shrink.

Security progress happens slowly, but it does happen. We're here to keep building toward a more secure future. One product, one codebase, one institution at a time.