Google's Project Zero will work to unearth zero-day threats that are present in third-party software, helping prevent major security threats like Heartbleed. UPI/Robert Galbraith/Pool |
License Photo
MOUNTAIN VIEW, Calif., July 15 (UPI) -- Google set up a secret team called Project Zero that will mine the internet for bugs and hackers, in order to identify vulnerabilities like Heartbleed.
The team will attempt to find vulnerabilities that can be used by hackers and state-sponsored actors to cause mischief on the Internet. The team was constituted in response to the Heartbleed bug that infected most websites on the Internet, potentially giving hackers access to sensitive user information.
"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," Chris Evans, a member of Google's security research team said in a company blog post.
"Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage," he added.
Zero-day refers to attacks on software vulnerabilities that were previously unknown. Heartbleed was one such vulnerability that made users' passwords and online data vulnerable to hackers, sending Web companies scrambling to fix the flaw.
Google will store all its research on external databases and will report bugs only to the software vendor. The information will be accessible publicly once the bug is made public, which is typically when a vendor issues a security patch.
Hewlett Packard's TippingPoint Zero Day Initiative is a similar program that pays third-party researchers to submit bugs in other products. Microsoft also provides software that can detect such vulnerabilities in third-party software but does not pay independent researchers for submitting security reports.
