Google
has hired a team of hackers to sniff out some of the biggest bugs
lurking within the Internet as a part of a new project it calls "Project
Zero."
The
Project Zero team aims to reduce the number of people affected by
targeted attacks and stop bugs like Heartbleed early on. Google said the
new hires will be "contributing 100% of their time toward improving
security across the Internet."
"You
should be able to use the web without fear that a criminal or
state-sponsored actor is exploiting software bugs to infect your
computer, steal secrets or monitor your communications," Chris Evans, a
member of Google's security research team, wrote in an official blog
post. "Yet in sophisticated attacks, we see the use of 'zero-day'
vulnerabilities to target, for example, human rights activists or to
conduct industrial espionage. This needs to stop. We think more can be
done to tackle this problem."
When
a bug is discovered, the team will report it to the software's vendor,
not to third parties, and file it in a public database. In addition to
locating and reporting vulnerabilities, it will be providing analysis
too.
"Once
the bug report becomes public (typically once a patch is available),
you'll be able to monitor vendor time-to-fix performance, see any
discussion about exploitability, and view historical exploits and crash
traces," Evans said. "We also commit to sending bug reports to vendors
in as close to real-time as possible, and to working with them to get
fixes to users in a reasonable time."
Posted by : Gizmeon
No comments:
Post a Comment