The Inquirer-Home

Google's Project Zero initiative aims to rid the web of targeted attacks

Put together after Googlers spent time discovering bugs like Heartbleed
Wed Jul 16 2014, 13:52

GOOGLE HAS ANNOUNCED "Project Zero", a dramatically-named initiative that looks to mitigate the risk of internet users getting hit by targeted cyber attacks.

Started by a group of Google security researchers with the mission of ridding the world of security dangers such as zero-day attacks, Project Zero will hire "the best practically-minded security researchers", Google said, promising to contribute all of their time "toward improving security across the internet".

The group was put together after certain Googlers started spending "some of their time on research that makes the internet safer, leading to the discovery of bugs like Heartbleed," said Google researcher Chris Evans in a blog post.

"We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers," Evans explained. "We'll use standard approaches such as locating and reporting large numbers of vulnerabilities."

Evans said that Project Zero will also conduct new research into mitigations, exploitation, program analysis, and anything else that the researchers decide is a worthwhile investment.

The Googlers at Project Zero will commit to doing their work transparently, with every bug discovered being filed in an external database. They will also report bugs only to the software's vendor and no third parties.

"Once the bug report becomes public, typically once a patch is available, you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," Evans said. "We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time."

Not too long before the announcement of Project Zero on Tuesday, Google came under fire from European Union courts, which have forced the firm to forget certain people's irrelevant or outdated online histories. Within days of the court order going into effect, EU citizens were begging Google to have their pasts expunged, at the rate of 10,000 requests per day.

However, it has since emerged that the buried webpages haven't been technically disabled, nor have they been erased, security firm Sophos reports.

"Regardless of what the directive is being called, courts technically didn't grant Europeans the right to be forgotten. Rather, it gave them the right to be relatively obscured, by having eligible pages flagged so they don't show up in search results," said Sophos in a blog post.

"The data is still out there. And now, a newly launched site is archiving the forcibly de-indexed pages, in the name of opening up to the internet as a whole the discussion regarding what should or should not be 'forgotten'." µ

 
