Google’s Project Zero Looks for Faults in Third-Party Software

Project Zero is an internal team of security specialists that will hunt down any bugs in third-party software, in order to alert antivirus developers. Of course, the search giant could as well exploit the vulnerabilities it finds, but instead it stays true to its “Don’t be evil” motto.

Obviously, the main goal of Google is to prevent such incidents as this year’s Heartbleed, a bug that affected quite a few websites. This is how the search giant explains the need for Project Zero: “Security is a top priority for Google. We’ve invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.”

The best thing about Project Zero is that security specialists who are not part of the team will be able to consult the findings by checking an external database. First of all, this will help web app developers, but desktop and mobile app makers could also get some help in finding the vulnerabilities of their software.

According to a blog post written by Chris Evans, Research Herder, “We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”

The team behind Project Zero also made public the fact that it’s looking for other security specialists: “We’re hiring. We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love—but in the open and without distraction. We’ll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts. As we find things that are particularly interesting, we’ll discuss them on this blog, which we hope you’ll follow.”

Be social! Follow Walyou on Facebook and Twitter, and read more related stories about Sentri, a device that takes home security to the next level, and the eBay security hack.