Tuesday, July 15, 2014

Announcing Project Zero

Posted by Chris Evans, Researcher Herder

Security is a top priority for Google. We’ve invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.

The success of that part-time research has led us to create a new, well-staffed team called Project Zero.

You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.

Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.

We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment.

We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.

We’re hiring. We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love—but in the open and without distraction. We’ll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts. As we find things that are particularly interesting, we’ll discuss them on this blog, which we hope you’ll follow.