News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / Cloud Computing / Can Google Stop Zero Day Flaws?
DDoS Protection Powered By Verisign
Can Google Put an End to Zero Day Flaws?
Can Google Put an End to Zero Day Flaws?
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
16
2014



Google wants the Internet-using world to know that security is a top priority. That’s the message behind the launch of Project Zero, a team of researchers on the prowl for cyber threats and vulnerabilities.

“Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed,” Chris Evans, research herder at Google, wrote in a blog post. “The success of that part-time research has led us to create a new, well-staffed team called Project Zero.”

This Needs to Stop

As Evans sees it, you should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, he noted, Google’s security team see the use of "zero-day" vulnerabilities that do everything from targeting human rights activists to conducting industrial espionage.

“This needs to stop. We think more can be done to tackle this problem,” Evans said. “Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet.”

Google is promising not to place any particular bounds on the project. The company also vowed to work toward improving the security on any software that large numbers of people depend on. That, Evans said, means paying careful attention to the techniques, targets and motivations of attackers.

“We'll use standard approaches such as locating and reporting large numbers of vulnerabilities,” he said. “In addition, we'll be conducting new research into mitigations, exploitation, program analysis -- and anything else that our researchers decide is a worthwhile investment.”

Google Hiring Security Gurus

Evans also committed to working transparently. That means every bug Project Zero discovers will be filed in an external database. Google will only report bugs to the software’s vendor in as close to real-time as possible, not to third parties. And once a bug report makes its way to the public, which typically happens after a patch is available, you can monitor vendor time-to-fix performance, review discussions about exploitability, and see historical exploits and crash traces.

And with that, Evans made another announcement: Google is hiring.

“We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love -- but in the open and without distraction. We'll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts," he said.

We caught up with Paul Ducklin, senior security advisor at Sophos, to get this thoughts on Project Zero. He told us security-minded individuals and companies like Sophos all try to do their best to go the "extra mile" to give back to the community. Sophos, for example, partnered with the Queensland Police in Australia on a security project.

“If there is one thing I'd love to see Google wrap into this Project Zero it would be to put more pressure on,” Ducklin said, “and to make it easier for its own Android partners to ship security updates to end users."

Tell Us What You Think
Comment:

Name:

Bobby Roper:

Posted: 2014-07-17 @ 3:57am PT
How about instead of using google, give a non tracking leave me alone search engine called http://LookSeek.com I will sacrifice a little to get a lot.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN CLOUD COMPUTING
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Russian Gang with Stolen IDs Hacks Hosting Company
In August, a Russian cyber gang obtained what researchers called “the largest cache of stolen data." Now, those hackers may be putting their ill-gotten gains to criminal use.
 
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 

Enterprise Hardware Spotlight
AMD's New FX Series CPU Breaks Processing Speed Record
The new FX-8370 processor from Advanced Micro Devices has set a record for silicon processor speed, the company announced. Overclocked, the eight-core chip was measured at 8722.78 MHz.
 
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 

Mobile Technology Spotlight
Rumor Mill Puts Mobile Wallet in iPhone 6
Apple is moving toward the mobile wallet world with its next iPhone. The tech giant has partnered with retailers, banks and major payment networks to make it happen, according to Bloomberg.
 
Will iPhone Finally Catch Up with NFC Mobile Payment Ability?
Apple's latest version of the iPhone may have a mobile wallet to pay for purchases with a tap of the phone. The iPhone 6 reportedly is equipped with near-field communication (NFC) technology.
 
Visual Search To Shop: Gimmick or Game Changing?
Imagine using your phone to snap a photo of the cool pair of sunglasses your friend is wearing and instantly receiving a slew of information about the shades along with a link to order them.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.