HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 10 MINUTES AGO.
You are here: Home / Network Security / Can Google Stop Zero Day Flaws?
Close the insights gap
Between you and your customers with Microsoft Dynamics CRM.
See real-time CRM work
Can Google Put an End to Zero Day Flaws?
Can Google Put an End to Zero Day Flaws?
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
16
2014


Google wants the Internet-using world to know that security is a top priority. That’s the message behind the launch of Project Zero, a team of researchers on the prowl for cyber threats and vulnerabilities.

“Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed,” Chris Evans, research herder at Google, wrote in a blog post. “The success of that part-time research has led us to create a new, well-staffed team called Project Zero.”

This Needs to Stop

As Evans sees it, you should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, he noted, Google’s security team see the use of "zero-day" vulnerabilities that do everything from targeting human rights activists to conducting industrial espionage.

“This needs to stop. We think more can be done to tackle this problem,” Evans said. “Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet.”

Google is promising not to place any particular bounds on the project. The company also vowed to work toward improving the security on any software that large numbers of people depend on. That, Evans said, means paying careful attention to the techniques, targets and motivations of attackers.

“We'll use standard approaches such as locating and reporting large numbers of vulnerabilities,” he said. “In addition, we'll be conducting new research into mitigations, exploitation, program analysis -- and anything else that our researchers decide is a worthwhile investment.”

Google Hiring Security Gurus

Evans also committed to working transparently. That means every bug Project Zero discovers will be filed in an external database. Google will only report bugs to the software’s vendor in as close to real-time as possible, not to third parties. And once a bug report makes its way to the public, which typically happens after a patch is available, you can monitor vendor time-to-fix performance, review discussions about exploitability, and see historical exploits and crash traces.

And with that, Evans made another announcement: Google is hiring.

“We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love -- but in the open and without distraction. We'll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts," he said.

We caught up with Paul Ducklin, senior security advisor at Sophos, to get this thoughts on Project Zero. He told us security-minded individuals and companies like Sophos all try to do their best to go the "extra mile" to give back to the community. Sophos, for example, partnered with the Queensland Police in Australia on a security project.

“If there is one thing I'd love to see Google wrap into this Project Zero it would be to put more pressure on,” Ducklin said, “and to make it easier for its own Android partners to ship security updates to end users."

Tell Us What You Think
Comment:

Name:

Bobby Roper:

Posted: 2014-07-17 @ 3:57am PT
How about instead of using google, give a non tracking leave me alone search engine called http://LookSeek.com I will sacrifice a little to get a lot.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
IT departments are embracing cloud backup, but there's a lot you need to know before choosing a service provider. Learn all the critical things you need to know by accessing the white paper, "5 Things You Didn't Know About Cloud Backup". Access the White Paper now.
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
If you're a Google Gmail user, it's bad news. About 5 million Gmail addresses and plain text passwords were leaked to an online forum on Tuesday. The good news: the data is old, but better security is still needed.

ENTERPRISE HARDWARE SPOTLIGHT
The tech giant is expanding its cloud solutions which promise secure access to enterprise phone, email, and storage apps. The latest addition to the Dell Mobile Workspace involves Vonage and MS Office 365.

MOBILE TECHNOLOGY SPOTLIGHT
The world's highest-capacity SD card is being offered by SanDisk, 512 gigabytes of flash storage aimed at professionals shooting 4K Ultra HD video or high-speed burst mode photography. Price: $800.

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.