Google has announced the creation of Project Zero, a team of researchers dedicated to uncovering zero-day vulnerabilities, flaws and other security issues that could represent a threat to internet users.
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. We think more can be done to tackle this problem.”
Project Zero was announced yesterday on Google's Online Security Blog in a post by Chris Evans, a 'Researcher Herder' at Google. "Our objective is to significantly reduce the number of people harmed by targeted attacks," wrote Evans. "We're hiring the best practically minded security researchers and contributing 100 percent of their time toward improving security across the Internet."
Google created Project Zero after certain Googlers began spending "some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed," Evans said. "The success of that part-time research has led us to create a new, well-staffed team called Project Zero."
The Project Zero team plans to work in “real-time,” which means the researchers will quickly report all discovered bugs to the software's vendor – and aid in mitigation – before filing the vulnerability in an external database for all to view and discuss.
Project Zero will find and report bugs, details of which will be housed in an external database. "Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," Evans wrote. "We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time."
Source: Google Online Security Blog