Google’s « Project Zero » to reduce Internet vulnerabilities
In a post published on July 15th 2014, Google’s Online Security blog announced the launch of Project Zero, a team of “best practically-minded security researchers” – hackers – to work in favour of internet security.
The aim of this team and project is to put an end to major internet vulnerabilities and making sure “you [are] able to use the web without fear that a criminal or state-sponsored actor […] exploiting software bugs to infect your computer, steal secrets or monitor your communications.”
Google explained this project will focus on “paying careful attention to the techniques, targets and motivations of attackers” in order to improve internet security without discriminating on the basis of the origin of the software. So as not to create chaos, the discovered bugs will only be disclosed to the software editors and creators.
They will work transparently by locating and reporting large numbers of vulnerabilities, all will be filed in this external database. Once a patch fixing the bug is available, you will be able to follow the reactivity of the software editor. The Project zero team will also help editors to fix the bugs and offer a rapid solution to the vulnerabilities as well as sending real-time reports on these bugs.
Not only will Google hire hackers, they will also involve “the wider community, such as extensions of our popular reward initiatives and guest blog posts”.
You can follow the evolution of this project on the blog dedicated to it: Google Project Zero.