Search results for:
Internet giant Google has built a "team of security researchers_" which will move forward towards the organization's newest target – "_making the internet safer by reducing the number of people harmed during zero-day attacks_, "according to a recent article published on the Hosting News website. The article indicates that this team, named "_Project Zero_" is a collection of "_highly skilled, full-time researchers_" working diligently to locate and report "_large numbers of security threats."
Google's Chris Evans – the company "Researcher Herder_" – was quoted in the article saying, "_You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. We think more can be done to tackle this problem." Google and Evans clarify that the focus of Project Zero is not only on "_finding vulnerabilities in only Google products_" but is also tasked to "_discover bugs_" in other widely used software and to pay attention to "_techniques, targets and motivations of attackers_, "according to the report.
According to the article, all information found by the group "will be stored in an external database where the vendors of the compromised software will be notified," then prompting the team to generate and release reports to the public so discussions about the vulnerability can begin with all concerned. The article states that Google searches for "_researchers for Project Zero_" but no information on how to apply for these roles has yet to be released. The website 9to5google.com published the following statements from Google regarding Project Zero as well:
"We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets, and motivations of attackers. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment. Every bug we discover will be filed in an external database. We will only report bugs to the software's vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces."
Written by Bryon Turcotte / July 15, 2014