Google announces team of zero day bug-hunters

Google has announced a new and well-staffed team tasked with finding software vulnerabilities (Photo: Shutterstock)

When the Heartbleed security flaw was detected earlier this year, it was estimated that two-thirds of the world's servers were vulnerable to attack. Flaws such as this, that exist before they are detected, are known as "zero day" flaws. Now, Google has set up a team to combat them.

Google was one of the parties involved in the discovery and subsequent reporting of the Heartbleed vulnerability, as part of its "part-time" security research program. The firm says that the success of that research has led it to set up what's described as a "new, well-staffed team called Project Zero."

The aim of Project Zero is to "significantly reduce the number of people harmed by targeted attacks." Google says there will be no constraints placed on the project and that it will cover any software used by large numbers of people.

In addition to detecting flaws, the team will pay attention to the techniques, targets and motivations of attackers. All bugs discovered will be reported to the vendor and then logged in an external, public database. Database users will be able to monitor vendor time-to-fix performance, see discussions about exploitability and view historical exploits and crash traces.

"We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities," says Google research herder Chris Evans in a blog post. "In addition, we’ll be conducting new research into mitigations, exploitation, program analysis – and anything else that our researchers decide is a worthwhile investment."

In addition to notifying vendors of any bugs, Google says it will work with them to produce and apply fixes in a reasonable time.

Source: Google

4 comments
thk
It's a no-brainer where the data will end up, where else but the NSA!
Robert in Vancouver
Good on Google for doing this.
Governments need to pass laws and start putting hackers with serious criminal intent in jail with life sentences, or the death penalty where it is allowed.
Stephen N Russell
OK Google lobby NSA to open up files on users to your browser, services IE Google Maps alone. Bravo OK now for other companies to do same Needed.
Slowburn
We are going to find all the security holes we can and report the one we don't find particularly useful. --- Google.