Google thinks global Internet Security with Project Zero

Google thinks global Internet Security with Project Zero

Newly formed team of security researchers wants to root out security issues with popular software, not just Google’s

Google is increasing its efforts in Internet security and is looking to hire security researchers for its newly formed Project Zero team.

In a post in Google’s Online Security Blog, Google researcher Chris Evans said “people should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect a computer, steal secrets, or monitor communications”, but sophisticated zero-day day attacks, targeting human rights activists. Google believes more can be done to tackle the problem.

“Project Zero is our contribution to start the ball rolling,” said by Evans.

“Our objective is to reduce the number of people harmed by targeted attacks. We are hiring the best practically minded security researchers and contributing 100 percent of their time toward improving security across the Internet.”

Analyst Adrian Sanabria, “What’s most relevant here is that Project Zero is not just targeting bugs and vulnerabilities in Google’s own software, they’re targeting anything that could threaten Internet users, many of which are directly or indirectly Google customers,” he said. “There’s nothing better than a self-serving project that also benefits the common good.” With its considerable clout, Google has a much better chance of fixing bug in a reasonable timeframe.

All bugs discovered will be filed in an database and reported to the software’s vendor & not third parties. “Once the bug report becomes public ,typically once a patch is available, you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view exploits and crash traces,” Evans said

Google often is criticized for violating privacy rights, with its ability to track users’ searching habits to send targeted ads. But Sanabria sees that as a different issue. “I could, however, see people nervously pointing out that Google will potentially own a lot of zero days ; perhaps more than some governments’ offensive cyber divisions,” Sanabria said. “I can’t see any realistic danger from this, except that Google might become a target from people who want the millions of dollars’ worth of zero days they might have.”

Previous security efforts at Google have included using strong SSL encryption by default for its Search, Gmail, and Drive applications and encrypting data moving between Google data centers.

One Comment

  1. Carlee January 2, 2017 Reply

Add a Comment

Your email address will not be published. Required fields are marked *