Google has hired a team of hackers to sniff out some of the biggest bugs lurking within the Internet as a part of a new project it calls “Project Zero.”
The Project Zero team aims to reduce the number of people affected by targeted attacks and stop bugs like Heartbleed early on. Google said the new hires will be “contributing 100% of their time toward improving security across the Internet.”
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Chris Evans, a member of Google’s security research team, wrote in an official blog post. “Yet in sophisticated attacks, we see the use of ‘zero-day’ vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.”
When a bug is discovered, the team will report it to the software’s vendor, not to third parties, and file it in a public database. In addition to locating and reporting vulnerabilities, the team will also provide analysis.
“Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces,” Evans said. “We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”