Google is already working on a number of projects including the Project Loon, Project Tango and Google Cars under Project X and the latest mission on the agenda is Project Zero, aimed at cracking down “zero day” vulnerabilities.
Google’s Christ Evans wrote in a blog post that the company has initiated Project-Zero – a team of security engineers that will be on the watch for vulnerabilities in the Internet and software, with a mission to “significantly reduce” the number of users targeted by hackers.
Though not fully established, the group is still hiring security experts with interests in beefing up security. Project Zero became a more serious idea after it was found that their efforts on hunting for security vulnerabilities that brought to light the existence of dangerous vulnerabilities like HeartBleed, was successful.
Evans also wrote that the human rights activists and other major firms should be able to function without having to be too cautious about cyber attacks. He also wrote that Google thinks that further research could help tackle the issue and that includes absorbing more security experts into the vacant positions in Project Zero.
He also said that the company will not define particular boundaries to the project and will work on the software used by large numbers of people focusing mainly on the techniques, targets and motivation of attackers.
The bugs dug out will be available for public reference on an external database and any developer can refer to it and make their program free of the known vulnerabilities. The bug report will include exploitability, historical exploits and crash traces.
Project Zero team also commits to deliver vendors real time data regarding the bugs found in their product and also partner with them to develop a patch in a “reasonable time,” suggesting that Google might start a paid service for such temporary partnerships. However, the company has not yet commercialized its Project Shield started to block distributed denial of service.
