Printed from http://www.electronista.com

Google fires up 'Project Zero' universal Internet security program

updated 03:38 pm EDT, Tue July 15, 2014

Google not limiting effort to internal apps -- any vendor is fair game

Google has launched a new web-wide security project. Titled "Project Zero", the effort by the search behemoth has the lofty goal to "significantly reduce the number of people harmed by targeted attacks." Google intends to have no bounds for the project, planning on working to "improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers."

The effort will be transparent -- every bug that the company discovers will be reported to the software vendor for rectification by the developer, and not made public until the flaw is fixed and patches are widely distributed. Following public notation of the flaw, users will be able to "monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces." Adding these metrics will help the public assess which vendors are better at security assessment.

Google researchers are already often credited with finding bugs, for example in Apple or Microsoft security fixes. The blog post trumpeting the program says that the Project Zero team will "use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis - and anything else that our researchers decide is a worthwhile investment."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Makosuke

    Forum Regular

    Joined: 08-06-01

    What's a little sad is that one or more world governments haven't done something similar already. Yes, the internet is self-policing and all, but given the value of cybercrime (both to private and state parties), you'd think at least one government would've seen it worth while to throw a few million defense dollars at a similar program.

    (And yes, the creepy US security agencies claim they report software flaws they find to the vendors so they can fix them before another government takes advantage of them. At this point, how many people really believe that?)

  1. prl99

    Dedicated MacNNer

    Joined: 03-24-09

    Google should start by fixing its own software first then worrying about others.

  1. shawnde

    Fresh-Faced Recruit

    Joined: 04-01-08

    @Makosuke

    Of course the governments are NOT going to go after this .... especially true of the US government, but the rest are not far behind. They LOVE the fact that there are vulnerabilities in all these software programs ... they exploit them to their advantage so that they can spy on you. You'll never see any government step up for security.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

Sponsor

toggle

Most Commented

 
toggle

Popular News