Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Google fires up 'Project Zero' universal Internet security program

Google fires up 'Project Zero' universal Internet security program
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Jul 15, 2014, 03:39 PM
 
Google has launched a new web-wide security project. Titled "Project Zero", the effort by the search behemoth has the lofty goal to "significantly reduce the number of people harmed by targeted attacks." Google intends to have no bounds for the project, planning on working to "improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers."

The effort will be transparent -- every bug that the company discovers will be reported to the software vendor for rectification by the developer, and not made public until the flaw is fixed and patches are widely distributed. Following public notation of the flaw, users will be able to "monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces." Adding these metrics will help the public assess which vendors are better at security assessment.

Google researchers are already often credited with finding bugs, for example in Apple or Microsoft security fixes. The blog post trumpeting the program says that the Project Zero team will "use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis - and anything else that our researchers decide is a worthwhile investment."
( Last edited by NewsPoster; Jul 15, 2014 at 06:43 PM. )
     
Forum Regular
Join Date: Aug 2001
Location: California
Status: Offline
Reply With Quote
Jul 15, 2014, 04:55 PM
 
What's a little sad is that one or more world governments haven't done something similar already. Yes, the internet is self-policing and all, but given the value of cybercrime (both to private and state parties), you'd think at least one government would've seen it worth while to throw a few million defense dollars at a similar program.

(And yes, the creepy US security agencies claim they report software flaws they find to the vendors so they can fix them before another government takes advantage of them. At this point, how many people really believe that?)
     
Mac Enthusiast
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Jul 15, 2014, 07:37 PM
 
Google should start by fixing its own software first then worrying about others.
     
Fresh-Faced Recruit
Join Date: Apr 2008
Location: Vancouver, Canada
Status: Offline
Reply With Quote
Jul 16, 2014, 03:26 AM
 
@Makosuke

Of course the governments are NOT going to go after this .... especially true of the US government, but the rest are not far behind. They LOVE the fact that there are vulnerabilities in all these software programs ... they exploit them to their advantage so that they can spy on you. You'll never see any government step up for security.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 05:02 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2