Google today launched Project Zero, an internal security team for finding bug and vulnerabilities in third party softwares. Google want its user to use the internet without any fear of attacks or stealing personal information or monitoring your secrets.
Google announced about Project Zero in its blog, “You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.”
Google has also hired a team of hackers to find out some of the biggest bugs available on the Internet as a part of a new project “Project Zero.” When a bug is discovered by the team of hackers, it will be reported to the software’s vendor and will file it in a public database.
“We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces.”, Evans said, “We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”
This step of Google will surely reduce the number of users affected by targeted attacks and bugs like Heartbleed early. The safer the better!!