Background

Google Debugging the Internet with "Project Zero"

Security is a top priority for many tech firms, not least Google, the popular search engine giant. The company, which has invested its time and effort into making its products more secure, is also opening up opportunities for people to make the internet a safer place by creating a team called "Project Zero".

The Project Zero initiative is part of Google's escalating efforts in this space, where the interests of governments, businesses, activists and citizens collide.

Since the discovery of bugs like Heartbleed, and in the post-NSA period since Edward Snowden's first revelations, security and privacy on the internet have become more than a simple concern. Reset the Web, for example, is one of several efforts that companies have made to prevent such things from happening again.

Google, for its part, is also attempting to create a place where users can surf without fear that criminals and government-sponsored entities are exploiting software to infect their computers, steal their secrets, or monitor their private communications.

"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," wrote Chris Evans, a member of Google's security research team, in an official blog post. "Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem."

Project Zero is Google's contribution toward significantly reducing the number of people harmed by targeted attacks. The team will add reinforcement in the fight against cybercrime and for better privacy for all. The company is hiring practically minded security researchers to contribute 100 percent of their time toward improving security by seeking flaws in software relied on across the internet.

These flaws are known as "zero day exploits" because security researchers have not known about them before malicious people abuse them, and they give the team its name. Zero day attacks can include, but are not limited to, infiltrating malware or spyware, or allowing unwanted access to user information.

The term "zero day" refers to the fact that the hole is unknown to anyone other than the hackers, and specifically unknown to the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

The Project Zero team is not bound by any particular reasons. They will work to improve the security of any software by observing the techniques, targets and motivations of the attackers. The team will use the standard approaches of locating and reporting. In addition, they'll be conducting new research into mitigations, exploitation, program analysis, and anything else that they decide is a worthwhile investment.

Every bug that is discovered will be filed in an external database. The team will report bugs only to the software's vendor, not to third parties, and will do so as soon as possible. Once the bug report becomes public, the team will be able to monitor vendor time-to-fix performance, see any discussion about it, and view historical exploits and crash traces. The vendor and the team will also work together to make sure the fixes are done in a reasonable amount of time.

Google aims to reduce the number of zero day vulnerabilities to benefit businesses, governments and end users alike, because doing so makes the threat surface smaller: fewer vulnerabilities will in time mean fewer exploits and consequently less data loss.

The Initial Team

"People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit," says Chris Evans, a British-born researcher who formerly led Google's Chrome security team and is the first person in charge of Project Zero.

Project Zero has already recruited hackers from within Google: Ben Hawkes from New Zealand, who has been credited with discovering bugs in software like Adobe Flash and Microsoft Office apps in 2013 alone; Tavis Ormandy, an English researcher who has a reputation as one of the most productive bug hunters; American hacker George Hotz, who hacked Google's Chrome OS defenses to win its Pwnium hacking competition and will be the team's intern; and Brit Ian Beer from Switzerland, who was credited with finding six bugs in Apple's iOS, OSX and Safari.

Evans says the team is still hiring. It will soon have more than ten full-time researchers under his management. Most will be based out of an office in Google's Mountain View headquarters, using flaw-hunting tools that range from pure hacker intuition to automated software that throws random data at target software for hours on end to find which files cause potentially dangerous crashes.

Google, with Project Zero, is not the only one in the movement. Many tech companies have teamed up to prevent such things from happening again. Microsoft also created its "Cybercrime Center" in 2013 in a purpose-built building on the Redmond campus, staffed with engineers, lawyers and others.