Gathering Information Security Specialists in the Project Zero Team

Original author: Chris Evans, Head of Research
Product safety is one of Google’s top priorities. By default, we use strong SSL-based encryption for services such as Search, Gmail, and Google Drive. All data exchanged between our data centers is also encrypted. But besides the security of our own products, we care about the security of the Internet as a whole. That is why employees of the company pay great attention to the search for vulnerabilities on the Web and even combine information about them in reports. First of all, it concerns the search for errors like Heartbleed.

The results of this small and, in general, third-party project seemed so interesting to us that we decided to assemble a new team of specialists under the general name Project Zero.

When using the Internet, you should be able to be sure that no one can take advantage of errors in code to run a virus on your computer, gain access to sensitive information or track your contacts. Unfortunately, there are many complex malicious programs in the world, for example, programs under the general name “Zero Day Vulnerability” that have already been used against human rights activists or for industrial espionage. We believe that this practice needs to be put to an end, and we are ready to work on a solution to this problem.

“Project Zero” is the first step that will become our contribution to the common cause. Our goal is to significantly reduce the number of people affected by targeted attacks. We invite the best practitioners in the field of network security research to work, and they, in turn, devote 100% of their working time to improving the level of security on the Internet.

This project does not have strictly defined boundaries: we will work to increase the security level of any software if it is used by many people, and we will pay special attention to the technology, goals and motives of hackers. We will use standard approaches (identifying vulnerabilities and reporting them to software suppliers), as well as conduct new research in the field of mitigation, development and program analysis. In general, we will do everything that our researchers consider worthy of attention.

We intend to make our work fully transparent. Each detected error will be entered into an independent database. We will report errors to the provider of the software in question. This information will not be shared with anyone else. After publishing a bug report (usually after fixing it), you can find out what was done by the software vendor to fix it, view user discussions, and see the usage history and signs of breakdowns. We also undertake to send reports on detected errors to software suppliers in a short time (in fact, in real time) and to facilitate their prompt elimination.

Our team needs new employees. We are convinced that the best software security researchers do this because they love their job. We offer such specialists to do what they love in a new place, but openly and without being distracted by anything else. We will also be happy to expand our community, spread the word about our new projects and the appearance of new posts about us. And if we find something interesting, then be sure to discuss it in our blog. Join now!
