Google’s Project Zero: Good News for Cyber Security

By on Jul 18, 2014

Google has assembled a team of counter-hackers to search, identify and patch zero day vulnerabilities and malware across the Web. Its name? “Project Zero.” Its purpose? Keeping you safe online.

Google’s new initiative aims to reduce the number of zero-day vulnerabilities on the Internet by employing fulltime “whitehat” hackers (hackers who discover and report vulnerabilities, rather than creating or exploiting them). Zero-day vulnerabilities, as I’ve discussed before, exist as previously undiscovered security holes in software. That means a hacker can gain access, manipulate or otherwise disrupt a website or service without being detected.

Because of their secretive nature, and because there are no ways for companies or individuals to protect themselves from these exploits, zero-day vulnerabilities are incredibly valuable. So valuable, in fact, that nation states, tech companies and wealthy hackers will pay a king’s ransom to obtain them.

But Google’s Project Zero isn’t all about the money. In fact, the opposite is true: by finding, patching and publicizing zero-day vulnerabilities, Google is making it more time consuming and difficult for bad-guy hackers to make money by searching for and selling these exploits themselves.

Nor is Project Zero about the accolades. Prior to publicly announcing the vulnerabilities discovered by Project Zero, Google will first notify compromised companies, thereby providing time for affected web teams to patch their software.

Another goal of Project Zero is attack prevention. Google plans to do this by documenting and analyzing the ways that hackers execute their attacks, which will in turn help to create a more hardened Internet. Our own team of McAfee Labs™ researchers currently works to do just that, but the Internet is a vast place—so the more good guys, the better.

Despite all this, Google’s new project doesn’t mean the beginning of the end for hackers. There will always be vulnerabilities ripe for exploitation and there will always be malicious programs aimed at collecting and abusing your data. That’s why the tech industry, in conjunction with operations like Google’s, needs to reduce exploit-inducing bugs in the first place. Consumers, too, need to make sure their Internet-connected devices are protected by using security programs like McAfee LiveSafe™ service, available for your PCs, Macs, smartphones and tablets.

Google’s Chris Evans, Research Herder for Project Zero, stated in the initiative’s first blog post that you and I ought to be able to use the web without worrying over criminal or state-sponsored actors spying on you. We couldn’t agree more.



About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs