News 07-18-2014

Google Project Zero, The White Hat Security Team Making the Internet Secure

Flavio

Google has always invested in Internet security; however, recently it appears that helping create a safer web is their top priority. In addition to switching to always-on SSL by default for Google Search, Gmail, and Google Drive, they have paid “bug bounties” or rewards for individuals who report security flaws in their products.

But keeping their own products safe isn't enough. Google has assembled a Project Zero team to hunt down security vulnerabilities and bugs in any software used by a large number of people.

[The Project Zero] objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet. — Chris Evans, Google Security Engineer

Following the independent discovery of the OpenSSL bug Heartbleed, interested individuals like Google have devoted more time and resources to research that identifies security vulnerabilities online and makes the Internet a safer place for users.

In the Dark Market, Vulnerabilities Are for Sale

The goal is to create an Internet where people across the world can use the web without “fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” said Chris Evans.

Despite programs that reward individuals who report security issues, in the dark market, those same vulnerabilities can be sold for $50k-$100k. Cybercriminals then use vulnerabilities to target large groups of consumers, human rights organizations, and even spy on corporations. The Google team has pledged transparency so that others can collaborate with them in their security research and eliminate the growing threats to data security online.

Fixing Real-Time Internet Security Threats

Project Zero team members have extensive experience in software security and are highly regarded in the security industry for their contributions in helping identify bugs in current popular applications and devices.

In addition to conducting research on public software, the project will create a repository of data that includes:

  • Real-time bug reports to vendors
  • Vendor time-to-fix performance
  • Discussion on exploitability of bugs
  • Historical exploits of security bugs
  • Vulnerability mitigation resources

Collaborating to Manage Security and Threat Detection

SSL Encryption is at the core of data security. At, we've built security vulnerability detection into every major utility and service that we offer to our customers.

Services like Certificate Inspector, which allows administrators to manage SSL Certificates used within their network, and our SSL Installation Checker automatically check websites for common security issues like Heartbleed, weak keys, and a number of other critical vulnerabilities reported by groups like Google's Project Zero.

True security today is independent of any single piece of software or device. The development of this security team and others who are doing similar work independently shows that keeping people and systems safe today takes a collective effort and depends on different parts and multiple vendors collaborating in real time to stay ahead of information security threats.
