We gather in the team "Project Zero" information security specialists
Product safety is one of Google’s top priorities. By default, we use strong SSL-based encryption for services such as Search, Gmail and Google Drive. All data exchanged between our data centers is also encrypted. But besides the security of our own products, we are concerned about the security of the Internet as a whole. That is why company employees pay great attention to finding vulnerabilities on the web and even aggregate information about them into reports . First of all it concerns the search for errors like Heartbleed .
The results of this small and, in general, third-party project seemed to us so interesting that we decided to assemble a new team of specialists under the general title Project Zero.
Using the Internet, you must be sure that no one could use errors in the code in order to run a virus into your computer, gain access to sensitive information or track your contacts. Unfortunately, there are many complex malicious programs in the world, for example, programs under the general name “ Zero-day vulnerability ”, which have already been used against human rights activists or for industrial espionage . We believe that this practice needs to be stopped, and we are ready to work on solving this problem.
')
“Project Zero” is the first step that will be our contribution to the common cause. Our goal is to significantly reduce the number of people affected by targeted attacks. We invite the best practitioners in the field of network security research to work, and they, in turn, devote 100% of their working time to improving the level of security on the Internet.
This project does not have strictly defined boundaries: we will work to improve the security level of any software, if it is used by many people, and we will pay special attention to the technology, goals and motives of hackers. We will use standard approaches (identification of vulnerabilities and reporting to software vendors), as well as conduct new research in the field of negative consequences reduction, development and program analysis. In general, do all that our researchers consider worthy of attention.
We intend to make our work completely transparent. Each error detected will be entered into an independent database . We will report errors to the provider of the software in question. This information will not be transmitted to anyone else. After the publication of the error report (usually after its elimination), you can find out what was done by the software vendor to fix it, view user discussions, and also read the history of use and signs of breakdowns. We also undertake to send bug reports to software suppliers in a short time (in fact, in real time) and to facilitate their prompt resolution.
Our team needs new employees. We are convinced that the best software security researchers do this because they love their job. We offer such specialists to do their favorite business in a new place, but openly and without being distracted by anything else. We will also be happy to expand our community, disseminate information about our new projects and the emergence of new posts about us. And if we find something interesting, then we definitely discuss it in our blog . Join now!
The results of this small and, in general, third-party project seemed to us so interesting that we decided to assemble a new team of specialists under the general title Project Zero.
Using the Internet, you must be sure that no one could use errors in the code in order to run a virus into your computer, gain access to sensitive information or track your contacts. Unfortunately, there are many complex malicious programs in the world, for example, programs under the general name “ Zero-day vulnerability ”, which have already been used against human rights activists or for industrial espionage . We believe that this practice needs to be stopped, and we are ready to work on solving this problem.
')
“Project Zero” is the first step that will be our contribution to the common cause. Our goal is to significantly reduce the number of people affected by targeted attacks. We invite the best practitioners in the field of network security research to work, and they, in turn, devote 100% of their working time to improving the level of security on the Internet.
This project does not have strictly defined boundaries: we will work to improve the security level of any software, if it is used by many people, and we will pay special attention to the technology, goals and motives of hackers. We will use standard approaches (identification of vulnerabilities and reporting to software vendors), as well as conduct new research in the field of negative consequences reduction, development and program analysis. In general, do all that our researchers consider worthy of attention.
We intend to make our work completely transparent. Each error detected will be entered into an independent database . We will report errors to the provider of the software in question. This information will not be transmitted to anyone else. After the publication of the error report (usually after its elimination), you can find out what was done by the software vendor to fix it, view user discussions, and also read the history of use and signs of breakdowns. We also undertake to send bug reports to software suppliers in a short time (in fact, in real time) and to facilitate their prompt resolution.
Our team needs new employees. We are convinced that the best software security researchers do this because they love their job. We offer such specialists to do their favorite business in a new place, but openly and without being distracted by anything else. We will also be happy to expand our community, disseminate information about our new projects and the emergence of new posts about us. And if we find something interesting, then we definitely discuss it in our blog . Join now!
Source: https://habr.com/ru/post/230049/
All Articles