Project Zero: Google's Team of Bug Hunters Aim to Make the Internet a Safer Place
George Hotz shot to fame in 2007 when he unlocked AT&T's exclusive grip on the iPhone in the US, and again when he reverse-engineered the PlayStation 3 - before being sued by Sony.
Earlier this year Hotz uncovered major security flaws in Google's Chrome browser - but instead of taking him to court, Google paid him $150,000 (£87,000) and has now offered him a role within its new bug-hunting team to be known as Project Zero.
Announcing what has until now been a secretive and shadowy group within Google, security engineer Chris Evans said:
"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications.
"Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem."
Transparency
Project Zero is Google's contribution to making the internet a safer place. It says it will inform affected companies of any bugs it finds, giving them between 60 and 90 days to issue a patch before disclosing the flaw publicly on an external database.
"Once the bug report becomes public [typically once a patch is available], you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time," Evans said.
Google has been seeking to improve its own security recently in the wake of revelations by Edward Snowden showing the ease with which government agencies can capture its customers' information.
It recently announced a plan to build end-to-end encryption into its Gmail service.
Along with Evans and Hotz - who will be joining the team as an intern - the Project Zero team features some heavyweights from the security industry. New Zealander Ben Hawkes is renowned for discovering dozens of flaws in the likes of Adobe Flash and Microsoft Office while the UK's Tavis Ormandy recently highlighted how anti-virus companies can include zero-days to make their customers less secure.
Altruistic
Also joining the team will be fellow Brit Ian Beer, who recently revealed flaws in Apple's iOS, Mac OS X and Safari software.
Speaking to Wired ahead of the announcement of the new Google division, Evans said the purpose of the group was "primarily altruistic" as it will be effectively paying to find and fix flaws in the software of other companies.
However, Evans believes the net effect will also benefit Google: "If we increase user confidence in the internet in general, then in a hard-to-measure and indirect way, that helps Google too."
© Copyright IBTimes 2024. All rights reserved.