Photokina 2014 highlights

Google announces team of zero day bug-hunters

By

July 16, 2014

Google has announced a new and well-staffed team tasked with finding software vulnerabilit...

Google has announced a new and well-staffed team tasked with finding software vulnerabilities (Photo: Shutterstock)

When the Heartbleed security flaw was detected earlier this year, it was estimated that two-thirds of the world's servers were vulnerable to attack. Flaws such as this, that exist before they are detected, are known as "zero day" flaws. Now, Google has set up a team to combat them.

Google was one of the parties involved in the discovery and subsequent reporting of the Heartbleed vulnerability, as part of its "part-time" security research program. The firm says that the success of that research has led it to setting up what's described as a "new, well-staffed team called Project Zero."

The aim of Project Zero is to "significantly reduce the number of people harmed by targeted attacks." Google says there will be no constraints placed on the project and that it will cover any software used by large numbers of people.

In addition to detecting flaws, the team will pay attention to the techniques, targets and motivations of attackers. All bugs discovered will be reported to the vendor and then logged in an external, public database. Database users will be able to monitor vendor time-to-fix performance, see discussions about exploitability and view historical exploits and crash traces.

"We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities," says Google research herder Chris Evans in a blog post. "In addition, we’ll be conducting new research into mitigations, exploitation, program analysis – and anything else that our researchers decide is a worthwhile investment."

In addition to notifying vendors of any bugs, Google says it will work with them to produce and apply fixes in a reasonable time.

Source: Google

About the Author
Stu Robarts Stu is a tech writer based in Liverpool, UK. He has previously worked on global digital estate management at Amaze and headed up digital strategy for FACT (Foundation for Art and Creative Technology). He likes cups of tea, bacon sandwiches and RSS feeds.   All articles by Stu Robarts
Tags
4 Comments

It's a no-brainer where the data will end up, where else but the NSA!

thk
16th July, 2014 @ 04:40 pm PDT

Good on Google for doing this.

Governments need to pass laws and start putting hackers with serious criminal intent in jail with life sentences, or the death penalty where it is allowed.

robo
17th July, 2014 @ 09:44 am PDT

OK Google lobby NSA to open up files on users to your browser, services IE Google Maps alone.

Bravo

OK now for other companies to do same

Needed.

Stephen N Russell
17th July, 2014 @ 03:45 pm PDT

We are going to find all the security holes we can and report the one we don't find particularly useful. --- Google.

Slowburn
20th July, 2014 @ 01:52 pm PDT
Post a Comment

Login with your gizmag account:

Or Login with Facebook:


Related Articles
Looking for something? Search our 28,557 articles