Tuesday, July 15, 2014

Announcing Project Zero

Posted by Chris Evans, Researcher Herder

Security is a top priority for Google. We’ve invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.

The success of that part-time research has led us to create a new, well-staffed team called Project Zero.

You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.

Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.

We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment.

We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.

We’re hiring. We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love—but in the open and without distraction. We’ll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts. As we find things that are particularly interesting, we’ll discuss them on this blog, which we hope you’ll follow.

30 comments:

  1. Chris,
    For the Win?

  2. This comment has been removed by the author.

  3. Where does one apply? I searched for project zero on the Google careers page, but did not notice any relevant hits. I have over 20 years of experience in programming, the last six of which were in automated testing of life-critical engineering calculations.

  4. How does one apply for the position?

    I'm currently trying to fix all of the websites which have their .git/.svn/.hg/.bzr repo available (which could lead to leaked sources, hence a lot of 0days, leaked databases, API credentials, etc). I have fixed about 1500 websites so far but there are lots more.
    I've also notified hundreds of websites about 0days I've found in different third-party libraries.

    I'm doing this because I'm trying to make internet safer.

  5. Good job picking GH, I like his work, and glad he is a Blue/white Hat. I remember back in the day when I submitted Map issues and would get back emails denying the issue existed, and it was patched in < 4 hours. Times have changed, and I for one am glad. I wish Google had more security/infrastructure positions in the Southern CA, but I digress. I agree with Austin, would be interesting hearing what will be found.

  6. Hello, Mr. Google! I have a development that will eliminate all of the servers, Laptop and other mobile gadgets from any hackers. If you do not believe me, we can discuss. If you do, then before the meeting. With best regards, Aleksandr Solodilov (Linkedin)

  7. This comment has been removed by the author.

  8. And? Any email or online form for CVs?

  9. VCC technology is available
    See victorsheymov.com
    Victor Sheymov Wikipedia
    CYBERSPACE AND SECURITY in Amazon.com

  10. "We're hiring"

    Could you tell how to apply?

  11. http://www.linuxfoundation.org/programs/core-infrastructure-initiative

  12. All for safety, you are with actions that large companies should always keep in mind for the good of its members.

  13. I always desired to learn about Internet Security.
    Somebody could help me given advice?
    How to begin study in this field?

  14. This comment has been removed by the author.

  15. Need a Canadian security researcher with 20+ years of DevOps and a SSCP certification...count me in.

  16. The forum posting is a unique and interesting job!
    jobs

  17. Over the last 30 years or so, I've reported around 100, probably way more, serious bugs.
    In the VAST majority of cases, from my considerable experience, the bugs never get fixed. There is usually some idiot in the way whose job is to waste my time telling me "it's not a bug", or some other idiot telling me to report it to someone else in his org, because he can't fix it, and sometimes even worse (Netscape lawyers sent me a legal threat when I submitted 100 different bugs to their "report a bug, get a T-Shirt competition" - and to rub salt into that wound, I reported a summary, not the details, and they never asked for the details).

    You cannot hope to fix things that people don't want to fix or don't care about, by doing the same thing, again, that everyone else is already doing.

    You need a new way - some kind of blazing in-your-face public way to let us know who you are chasing about a bug, and give us all a big ticking-down clock until the moment (give them 60 days) you shame the crap out of them for doing nothing, and make the bug public.
