Purchasing new hardware? Read our latest product comparisons
ADVERTISEMENT

Google announces team of zero day bug-hunters

By

July 16, 2014

Google has announced a new and well-staffed team tasked with finding software vulnerabilities (Photo: Shutterstock)

Google has announced a new and well-staffed team tasked with finding software vulnerabilities (Photo: Shutterstock)

When the Heartbleed security flaw was detected earlier this year, it was estimated that two-thirds of the world's servers were vulnerable to attack. Flaws such as this, that exist before they are detected, are known as "zero day" flaws. Now, Google has set up a team to combat them.

Google was one of the parties involved in the discovery and subsequent reporting of the Heartbleed vulnerability, as part of its "part-time" security research program. The firm says that the success of that research has led it to setting up what's described as a "new, well-staffed team called Project Zero."

The aim of Project Zero is to "significantly reduce the number of people harmed by targeted attacks." Google says there will be no constraints placed on the project and that it will cover any software used by large numbers of people.

In addition to detecting flaws, the team will pay attention to the techniques, targets and motivations of attackers. All bugs discovered will be reported to the vendor and then logged in an external, public database. Database users will be able to monitor vendor time-to-fix performance, see discussions about exploitability and view historical exploits and crash traces.

"We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities," says Google research herder Chris Evans in a blog post. "In addition, we’ll be conducting new research into mitigations, exploitation, program analysis – and anything else that our researchers decide is a worthwhile investment."

In addition to notifying vendors of any bugs, Google says it will work with them to produce and apply fixes in a reasonable time.

Source: Google

ADVERTISEMENT
About the Author
Stu Robarts Stu is a tech writer based in Liverpool, UK. He has previously worked on global digital estate management at Amaze and headed up digital strategy for FACT (Foundation for Art and Creative Technology). He likes cups of tea, bacon sandwiches and RSS feeds. All articles by Stu Robarts
Tags
4 Comments

It's a no-brainer where the data will end up, where else but the NSA!

thk

Good on Google for doing this.

Governments need to pass laws and start putting hackers with serious criminal intent in jail with life sentences, or the death penalty where it is allowed.

robo

OK Google lobby NSA to open up files on users to your browser, services IE Google Maps alone. Bravo OK now for other companies to do same Needed.

Stephen Russell

We are going to find all the security holes we can and report the one we don't find particularly useful. --- Google.

Slowburn
Post a Comment

Login with your Gizmag account:

Related Articles
Looking for something? Search our articles
ADVERTISEMENT
ADVERTISEMENT