Announcing Project Zero
Today Google has publicly revealed its new initiative called “Project Zero,” a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet.
A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise Project Zero is
a dedicated team of top security researchers, who have been hired by
Google to finding the most severe security flaws in software around the
world and fixing them.
PROTECT ZERO vs ZERO-DAY
Project Zero gets its name from the term "zero-day," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies.
"Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage." Chris Evans said, who was leading Google’s Chrome security team and now will lead Project Zero.
Zero-day vulnerabilities could give bad actors the power to completely
control target users’ computers, and in such scenario - no encryption
can protect them.
RECRUITMENT OF STAR HACKERS
Google has already recruited some hackers at Project Zero:
- Ben Hawkes - an independent researcher from New Zealand, and well known for discovering dozens of bugs in software like Adobe Flash and Microsoft Office.
- George Hotz - best known for hacking Sony PlayStation 3, cracking iPhone and Google's Chrome browser.
- Tavis Ormandy - working as an Information Security Engineer at Google and known for discovering lots of critical zero-day vulnerabilities in various softwares.
- and many more..
Main objective of the Project Zero is to significantly reduce the number of people harmed by targeted attacks.
"We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Chris added.
TEAM WORK
However, they are not restricted to finding bugs in Google's products
only, rather they can choose targets by themselves strategically, but
possibly team would majorly focus on the softwares that relied upon by a
significant number of people. Flaw hunting and reporting process will
be as mentioned below:
- The Project Zero team will hunt for zero-day vulnerabilities in Popular Softwares.
- Google will report flaws to vendors.
- Google will release full vulnerability disclosure only when the vendor issues a patch for it.
- Every bug will be filed transparently in an external database.
"We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Chris said.
Google is looking forward to grow their team of security experts and is
making every effort to dedicatedly contribute to the Infosec Community.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.