Talking tech since 2003
Chris Evans George Hotz Google Heartbleed Project Zero

Google Launches Project Zero to Protect Users From Zero-Day Vulnerabilities

by Eli Sorich 2 min read

Google is making it’s next move in becoming either a superhero or supervillian organization. Under the title Project Zero, Google is hiring a team of elite hackers to locate vulnerabilities in the software of the globe. Jeez, just take over the world already.

Project Zero is Google’s response to the zero-day vulnerabilities that continue threaten their software. A zero-day vulnerability is an unforeseen flaw in a given computer application that allows an attacker to access information, sell it, alter it, anything. The Heartbleed Bug is a perfect example of the type of security flaw the Project Zero team would work to identify.

The team would focus on Google’s software, but are going expand their horizons to third-party code that influences Google users. Chrome, for instance, requires software like Adobe Flash and operating systems like Mac, Windows, and Linux to run. The Project Zero team would search for flaws in these types of software and systems to eliminate the tenuousness of relying upon other companies to protect their users.

Once the flaws were located, the information would be stored in an external database and reported to the software’s vendor as quickly as possible. The company responsible would then have 60 to 90 days to fix it before the the flaw would be publicly revealed on the Project Zero Blog (but would be pressured them to fix it in as few as seven).

Chris Evans, a security engineer at Google, is the head of the team. Ben Hawkes––a New Zealander who discovered bugs in Adobe Flash and Microsoft office––Tavis Ormandy––a renowned English bug-hunter who demonstrated that some antivirus software can actually make users more vulnerable–– and George Hotz––a hacker prodigy who broke through Chrome’s defenses and was given a $150,000 reward by Google for it–– are the confirmed team members as of now. The goal is to have over ten full-time hacking researchers, so Project Zero is still hiring.

The motivation for Google to put together this task-force is fairly clear. But Evans puts it particularly well: “If we increase user confidence in the internet in general, then in a hard-to-measure and indirect way, that helps Google too.” Google is a company that lives and breathes off the internet, and people are increasingly tired of feeling unsafe with their information. Trust in the company was pretty low when people learned that the NSA was using Google to spy users, and Project Zero feels like a direct response to that. 

Every time something new comes out, the risk of a zer0-day threat is present. Is this process going to be a vicious cycle, or will one side beat the other? Really, I have no doubts that the Project Zero team is going to be effective, but I get the feeling that the scope of their goals is going to expand. It’s entirely possible that team could be hired by other companies or, dare I say it, the government. This project is very fresh, but so far I like the looks of it. I don’t mind the concept of this team expanding in the future because their aims seem to be noble. And since it’s beneficial to Google, I have a feeling they’ll stay that way.

Source: Wired.com

Read more posts by this author

Eli Sorich

Eli is a student at Carleton College pursuing a BA in Physics/English. He likes writing and reading stories, his favorite author is Ray Bradbury, and he owns and uses an English Longbow. His life goa

The link has been copied!
You've successfully subscribed to BestTechie
Welcome back! You've successfully signed in.
Great! You've successfully signed up.
Your link has expired
Success! Your account is fully activated, you now have access to all content.