Google announces Project Zero security team
Google assembles new security team
Google has announced Project Zero, its new in-house security team which aims to provide wider protection for the internet as a whole by identifying and fixing vulnerabilities across the web.
Google will not only explore flaws in its own software, but will also identify ones in third-party software that affects Google or its users.
One such flaw was highly publicised last month when Feedly were hit by a second distributed denial-of-service (DDoS) attack, the culprits of which wanted to extort money in exchange for fixing the issue.
On the Google Online Security blog, Chris Evans stated:
“We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers.”
Google has said that any bugs the Project Zero team discovers will be stored in an external database and brought to the attention of the software’s developer only once it has been fixed – no third parties will be notified.
Once the bug has been patched, a report will be produced and stored in the database, outlining how it was fixed and how long it took. Google intends this database to act as a reference point for software developers.
GeoHot joins Project Zero
One member of the team is 24-year-old hacker George Hotz, alias ‘GeoHot’, who at the age of 17 became the first person to unlock an iPhone.
Three years later Hotz was sued by Sony for hacking the PlayStation 3, but an out-of-court settlement was agreed upon, on the condition that Hotz would not try to hack any more Sony products.
When Hotz won the Pwnium 4 security competition in Vancouver earlier this year, he was awarded $150,000 (£87,596) by Google for the flaws he uncovered in the Chrome operating system.
Adrian Mursec, head of development at theEword, has said: “It looks like Google will become a sort of internet security watchdog. It will be especially interesting to see how companies react to Google’s exploration of their software and security protocols.”