Google os launching Project Zero, an attempt to weed out security bugs in third party applications through which Google users could be affected.
These flaws or bugs are known as zero-day vulnerabilities. Through these imperfections, hackers of criminal, industrial and governmental origin can infect computers, steal data and identities, conduct espionage and install spyware, malware and ransomware.
Google has its own interests in mind in this project, of course. The company wants to protect its users from any calamity encountered through the use of Google, and it wants to protect its advertising revenue by safeguarding its links to third party sites and building user confidence in the security of those links.
But more so than that, Google recognizes the greater need for Internet security for the integrity and safety of the Internet as a whole.
To that end, Project Zero is hiring the best hacking minds it can find. The mission of Project Zero is detailed in a blog post by Google "Research Herder" Chris Evans. He wrote "You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of zero-day vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem. Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet."
The Project Zero team will report bugs directly to the vendor of the exposed software. That company will be given time to prepare a patch. Once the patch is available the bug will be reported publicly, in a published database that will allow visitors to track the timeline of response by the software vendor.
Although plug-in applications such as Adobe Flash Player remain both omnipresent and a favorite target of hackers, the Project Zero program will not just focus on the obvious and frequent sources of bugs. It will cast a wide net with no real limitations as to the breadth of the program.
This is not Google's only contribution towards bug squashing. The company already has a bounty program in place since 2010, described here. Rewards for finding the bad guys range from $100 to $20,000.
Google is hiring now, so any nimble-fingered and nimble-minded hackers reading this, feel free to apply.
