Google has had a eventful week, and it continued it with the unveiling of Project Zero. Mountain View is putting together a team solely dedicated to making the internet a safer place for all users. The idea is that the company has invested a large amount of resources in making their products secure against outside attacks, and is now extending that same kind of quality control to everyone who operates online.
Project Zero team members will put 100% of their efforts into looking for vulnerabilities and bugs in webservices. This means all webservices, and not just those maintained by Google. A post on Google’s official blog summarises the scope of the whole issue.
“We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment.”
It would appear that Google is no longer taking chances about internet security, not after its own services were affected by the HeartBleed bug that still leaves large portions of the internet vulnerable to attacks. It is unknown if Google’s fork in the OpenSSL cryptographic library is part of Project Zero, or if the company is still keeping that as a separate entity.
More importantly, Google is hiring personnel for this project. Future updates can be found at the Project Zero blog.
[Source: The Next Web]