Google Announces Project Zero To Hunt Bugs Across The Net

Google has revealed the existence of Project Zero, a new effort to spot and fix critical vulnerabilities before they can be used in cyber attacks.

The project’s scope will not be limited to Google’s products and services – it is interested in improving the security of any software that’s used to run the Web.

For these purposes, Project Zero will employ a “well-staffed” team of researchers and hackers. According to Wired, it has already recruited experienced bug-hunters Ben Hawkes, Tavis Ormandy and Ian Beer, as well as a single intern – George ‘geohot’ Hotz – a young hacker who came to prominence after successfully circumventing protection of several Apple and Sony products.

“Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet,” wrote Chris Evans, the head of the project.

Avengers assemble

Project Zero will focus on so-called ‘zero-day’ vulnerabilities (previously unknown issues) in any software “depended upon by large numbers of people”. In other words, the team hopes to pick up on problems like the recent Heartbleed hole in the OpenSSL code, which is widely used in web applications.

“We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment,” explained Evans.

The project team will report its discoveries to the relevant software vendor. Once a patch becomes available, it will also publish the results of this work in an external database. This database will enable other security experts to monitor time-to-fix performance and view historical exploits.

It’s worth noting that because they are previously unknown, zero-day exploits have become a valuable commodity, often sold for $50,000 – $100,000 on underground forums. It is especially refreshing to see Google spend its own money in order to keep these vulnerabilities out of the hands of cyber criminals.

One of the most intriguing members of the team is Hotz. At the tender age of 17, he became the first person to bypass Apple’s operator lock in 2007. Later, the hacker got in legal trouble after successfully reverse-engineering anti-piracy protection on Sony’s PlayStation 3. And in 2013, he received $150,000 from Google after pointing out flaws in its Chrome OS.

Project Zero is still hiring, and qualified security experts might want to get in touch with the company – as it happens, most of the current team members are British. Google said it wants to build a community around the project, with reward initiatives and its own independent blog.

Some have questioned whether Project Zero can really make an impact on the security landscape. “Of course, Google may recruit the best team possible, but the nature of zero-day attacks, and today’s connected world in general, means that, inevitably, things will fall through the cracks,” commented Ross Brewer, VP and MD for international markets at LogRhythm.

“While many of us may rely solely on Google to answer our day-to-day search queries, it would be an error to rely on them to protect our networks in equal measure.

“We’re all building a similar jigsaw and working together could just help us find a crucial missing piece.”


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
