Project Zero: Google's New Security-focused Initiative

Article by George Norman (Cybersecurity Editor)

on 18 Jul 2014

Security is not something that should be taken lightly. And search engine giant Google certainly doesn’t do that. The company has shown time and time again that it takes security seriously. It implemented SSL encryption by default for Google Search, Gmail and Drive, it encrypts data moving from one data center to another, it aids research that leads to the discovery of dangerous bugs, and it constantly looks for ways to secure its products.

Speaking about that, people should be able to use software products without having to worry about criminal or state-sponsored attacks. You see, people with malicious intent use zero-day vulnerabilities to perform targeted attacks, infect computers, monitor communications, steal data, and so on. Google things that this needs to stop! Google believes that any software product that is used by large amounts of people should be safe!

“Project Zero is our contribution, to start the ball rolling,” said Google security engineer Chris Evans. “Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.”

Project Zero is a new initiative that focuses on the security of “any software depended upon by large numbers of people”. A well-staffed team of security experts will analyze popular software with the aim of finding security holes that could be exploited by people with malicious intent. Uncovered bugs will be filed in an external database, developers will be notified about these uncovered bugs, research will be conducted to find mitigations for uncovered bugs.

Chris Evans again:
“We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software's vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”

News and updates from the Project Zero team will be published on the official Project Zero blog.



Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all