Insights For Success

Strategy, Innovation, Leadership and Security

Google's Project Zero wants to protect the internet from evil

technologyEdward KiledjianComment
Image by  Kris Krug  under creative commons license

Image by Kris Krug under creative commons license

Google has created a new initiative called Project Zero where it aims to hire superstar hackers and use them to improve intent security. Their goal will be to use their expertise and Google's resources to find security issues with foundational internet technologies.

Zero-day back market

Newly discovered security issues (bugs, vulnerabilities or anything exploitable) that have not yet been announced are called zero day vulnerabilities. there is a healthy black market buying and selling these vulnerabilities (typical buyers are organized crime, criminals or intelligence agencies). The fact that these are unknown by the manufacturers or general population is what makes these more easily exploitable vulnerabilities worth so much.

In the blog post announcing Project Zero, Google says

You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.

Google is committed to responsible handling of discoveries which means they will first notify affected vendors, give them time to patch the security vulnerabilities before announcing it to the world. 

Google Blog post announcing Project Zero (link)

Database where vulnerabilities will be made public for the general public and academic research (link)