Google’s Project Zero Recruits Bug Hunters to Protect the Internet
Calling Internet security a “top priority,” Google announced Project Zero, its new security research team dedicated solely to ferreting out software flaws, such as the Heartbleed bug, that could be used in targeted attacks and can affect a significant number of people.
With the announcement, the search giant is issuing a manifesto of sorts. Wrote Google’s “Researcher Herder” Chris Evans in a blog post:
You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
Project Zero appears to have free rein over the research it pursues and will not focus solely on Google products. Evans states:
We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment.
Google promises that any bugs discovered will be reported to the software’s vendor “in as close to real-time as possible,” and that once a bug report becomes public, usually when a patch is available, it will be filed in an external Google security research database.
At this point, Google hasn’t made clear how to apply for a position on Project Zero. However, Wired reports that Project Zero has already recruited “the seeds of a hacker dream team from within Google,” along with George Hotz, known for hacking Sony's PlayStation 3, Apple's iPhone and Google’s Chrome operating system.
Think this would be a fun job? For starters, there are some publications about security, cryptography, and privacy in Google's main research portal.