HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 7 MINUTES AGO.
You are here: Home / Hardware / Can Google Stop Zero Day Flaws?
Can Google Put an End to Zero Day Flaws?
Can Google Put an End to Zero Day Flaws?
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
16
2014


Google wants the Internet-using world to know that security is a top priority. That’s the message behind the launch of Project Zero, a team of researchers on the prowl for cyber threats and vulnerabilities.

“Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed,” Chris Evans, research herder at Google, wrote in a blog post. “The success of that part-time research has led us to create a new, well-staffed team called Project Zero.”

This Needs to Stop

As Evans sees it, you should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, he noted, Google’s security team see the use of "zero-day" vulnerabilities that do everything from targeting human rights activists to conducting industrial espionage.

“This needs to stop. We think more can be done to tackle this problem,” Evans said. “Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet.”

Google is promising not to place any particular bounds on the project. The company also vowed to work toward improving the security on any software that large numbers of people depend on. That, Evans said, means paying careful attention to the techniques, targets and motivations of attackers.

“We'll use standard approaches such as locating and reporting large numbers of vulnerabilities,” he said. “In addition, we'll be conducting new research into mitigations, exploitation, program analysis -- and anything else that our researchers decide is a worthwhile investment.”

Google Hiring Security Gurus

Evans also committed to working transparently. That means every bug Project Zero discovers will be filed in an external database. Google will only report bugs to the software’s vendor in as close to real-time as possible, not to third parties. And once a bug report makes its way to the public, which typically happens after a patch is available, you can monitor vendor time-to-fix performance, review discussions about exploitability, and see historical exploits and crash traces.

And with that, Evans made another announcement: Google is hiring.

“We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love -- but in the open and without distraction. We'll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts," he said.

We caught up with Paul Ducklin, senior security advisor at Sophos, to get this thoughts on Project Zero. He told us security-minded individuals and companies like Sophos all try to do their best to go the "extra mile" to give back to the community. Sophos, for example, partnered with the Queensland Police in Australia on a security project.

“If there is one thing I'd love to see Google wrap into this Project Zero it would be to put more pressure on,” Ducklin said, “and to make it easier for its own Android partners to ship security updates to end users."

Tell Us What You Think
Comment:

Name:

Bobby Roper:
Posted: 2014-07-17 @ 3:57am PT
How about instead of using google, give a non tracking leave me alone search engine called http://LookSeek.com I will sacrifice a little to get a lot.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN HARDWARE
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Microsoft has some bitter rivals in the technology industry, but when it comes to thwarting government intrusion on customer privacy the software giant has plenty in common with its rivals.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.