Google to assemble bug hunter team
Posted by: Timothy Weaver on 07/16/2014 10:15 AM
[
Comments
]
Google plans on forming a well staffed research team called Project Zero. The company wants to hire the "best of the best" to help it find zero-day vulnerabilities.
Chris Evans of Google outlines the group's lofty aim:
• You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
• Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 per cent of their time toward improving security across the Internet.
"Locating and reporting large numbers of vulnerabilities" will be accompanied by "new research into mitigations, exploitation, program analysis" and other things, according to Evans.
Evans concluded: "We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time."
Chris Evans of Google outlines the group's lofty aim:
• You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
• Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 per cent of their time toward improving security across the Internet.
"Locating and reporting large numbers of vulnerabilities" will be accompanied by "new research into mitigations, exploitation, program analysis" and other things, according to Evans.
Evans concluded: "We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time."
Comments
