On Tuesday, search giant Google unveiled a new initiative called Project Zero, a broad attempt to weed out security bugs in third-party applications, through which Google users are harmed every day by a variety of targeted attacks.
These vulnerabilities are known as zero-day exploits. Through these flaws, hackers from criminal groups, government-paid agencies and industry can attack computers, siphon data and identities, conduct espionage and install ransomware, spyware and malware. Besides that, the right exploits reportedly fetch more than six figures when sellers can demonstrate that the bugs or flaws they’ve discovered can cause a lot of damage.
Google's announcement comes after a massive secret government spying program under the National Security System was exposed by former NSA contractor Edward Snowden, and after the recent Heartbleed scare, in which a vulnerability in the encryption codes potentially allowed hackers to steal data from supposedly secure websites.
With Project Zero, Google has its own interests in mind. The company wants to safeguard its users from any setbacks encountered through the use of Google, and it also wants to secure its advertising revenue by protecting its links to third-party sites and developing user confidence in the security of those links. More than that, Google understands the greater need for Internet security for the coherence and safety of the Internet as a whole.
"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," Google security researcher Chris Evans said in a blog post.
Yet these sophisticated attacks continue to target human rights activists and businesses, which needs to stop, he said. "We're hiring the best practically-minded security researchers and contributing 100 per cent of their time toward improving security across the internet," he added.
Project Zero will focus mainly on zero-day exploits, little-known software vulnerabilities used to hack devices and spy on users before developers have a chance to fix them. The team will also research program analysis techniques and mitigation strategies. These are particularly crucial to developers, as they can be used to offer a kind of defence: improved analysis tools can help detect bugs earlier, and mitigation strategies can cut down the impact of bugs in the wild.
Project Zero is not restricted to detecting flaws in Google's products; the team is authorized to search the entire web to find vulnerabilities in any product. Earlier in the week, the Project Zero team reportedly resolved vulnerabilities in the latest updates for Apple's Mac and iPhone software.
Evans said Project Zero would be conducted in a very transparent manner, with all bugs being filed in a public database after first being sent to the software's vendor for fixing. Public disclosure will also allow users to monitor how long companies take to fix the vulnerabilities, he added.