As billions of people around the world rely on the internet, not to mention businesses, corporations and governments, the security of the internet is vital. To further security, Google has put together Project Zero, a team of elite hackers who will devote 100% of their time to finding vulnerabilities, zero-days, and insecure products across the web.
On July 15, Google announced its elite team of security researchers and bug hunters. Project Zero is a dedicated team of top security researchers who have been hired by Google to find severe security flaws in the most widely used products around the world. Not only will vulnerabilities be disclosed, but Google will work with the affected company to help further secure its products against the threats found.
Project Zero derives its name from the popular term “zero-day”, and the security researchers will work to find zero-day vulnerabilities, making sure they do not fall into the hands of criminals, state-sponsored hackers, and intelligence agencies.
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem,” writes Chris Evans, the Google Chrome Security team leader who oversees Project Zero.
Zero-day vulnerabilities could give cyber-criminals the ability to take control of powerful systems or exploit victims' computers without their knowledge.
Who are these elite security researchers Google has hired? As the project is still launching, recruitment of security researchers is still underway. Reporters state that the following notable researchers are part of Project Zero:
- Ben Hawkes – independent security researcher from New Zealand who is well known for discovering dozens of bugs in software like Adobe Flash and Microsoft Office.
- George Hotz (geohot) – known for jailbreaking the Sony PS3, unlocking the iPhone and cracking Google’s Chrome Browser.
- Tavis Ormandy – currently employed as a security engineer at Google and known for discovering a number of critical zero-day vulnerabilities in various software.
amongst other notable researchers…
What is the point of Project Zero? Chris Evans, head of Project Zero, writes:
Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.
Although Project Zero is a Google operation, researchers are not limited to finding vulnerabilities in Google products. Instead, Google is allowing the security researchers to freely choose which products they analyze. The reporting process for discovered flaws is outlined below:
- The Project Zero team will hunt for zero-day vulnerabilities in popular software.
- Google will report flaws to vendors.
- Google will release the full vulnerability disclosure only when the vendor issues a patch for it.
- Every bug will be filed transparently in an external database (here).
“We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time,” Evans concludes.
With Google’s resources and backing behind Project Zero, this is a true advancement for the information security (infosec) and wider security communities worldwide.