Google Begins Project Zero - Hunts For Flaws In Software Before The NSA Can Find Them

Google is hiring a full-time team of security researchers to find flaws in the most widely used software on the internet. The team is going to comb through all kinds of widely used software to look for flaws and then disclose the flaws to the people responsible for publishing the software.

The project is hopefully designed to thwart organized crime and advanced persistent threats (like the NSA, GCHQ and other clandestine agencies) in their tracks by making the worlds software stronger and more resistant to easy attack. This project would have two major benefits. Firstly, it will make the software of the world safer, and secondly, it will restore confidence in the software that Project Zero has looked at.

The procedure is pretty loosely defined. Researchers on the team will find a security flaw, and it will in "near real time" be reported to the company for patching. Google will then load the details of the bug into a database, where it will remain undisclosed to the public for 60-90 days until a patch is released. If no patch is released and the software remains vulnerable, it appears that the team will still disclose the bug to the public after this time period expires.

More information can be found at:

< last
next >