tech2 News StaffJul 16, 2014 13:35:03 IST
Ever since the extensive NSA spying programmes were revealed last year, Google has been stepping up its efforts to make its services more secure and spy-proof. It has also worked with other online properties in bringing awareness about surveillance and telling users how to protect themselves.
And now, the company has taken the next big step towards making the Internet a safer, more secure place with Project Zero. The aim of Project Zero will be to greatly reduce the number of online users harmed by targeted attacks, whatever the source of origin. Google will put in place a specialised team who will search for critical vulnerabilities around the Web, in apps and in communication services, before bringing them to light and possibly quashing them.
"We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet," Project Zero researcher Chris Evan said while introducing it in a blog post. The most important part of the announcement followed this, "We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers."
Under the project, the bugs discovered by researches will be submitted to an external database. Google says it will only report bugs directly to the software vendor and not through third-parties. In case of the most dangerous zero-day exploits, Google's team will attempt to fix the vulnerability first before contacting the vendor. For the general public, Google will provide vendor time-to-fix performance, discussions about exploitability, and historical exploits and crash traces, after a patch has been submitted by the vendor. To this end, Google is hiring security researchers for Project Zero, and says it will be looking for ways to involve the wider development community.
Google does not explicitly mention government organisations which leave behind malware and exploits around the web to spy on individuals, but there's reason to believe these will also be part of the database. For example, when the major HeartBleed bug was discovered, the NSA was accused of knowing about it, and using it to spy on individuals, before it was revealed in the open by the security community. With Project Zero, Google is hoping to avoid late discoveries of such vulnerabilities so that they can be fixed before being exploited, regardless of the motive.
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.