Google has always invested in Internet security; however, recently it appears that helping create a safer web is their top priority. In addition to switching to always-on SSL by default for Google Search, Gmail, and Google Drive, they have paid “bug bounties” or rewards for individuals who report security flaws in their products.
But keeping their own products safe isn't enough. Google has assembled a Project Zero team to hunt down security vulnerabilities and bugs in any software used by a large number of people.
[The Project Zero] objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet. — Chris Evans, Google Security Engineer
Following the independent discovery of the OpenSSL bug Heartbleed, interested parties like Google have devoted more time and resources to research that identifies security vulnerabilities online and makes the Internet a safer place for users.
The goal is to create an Internet where people across the world can use the web without “fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” said Chris Evans.
Despite programs that reward individuals who report security issues, in the dark market, those same vulnerabilities can be sold for $50k-$100k. Cybercriminals then use vulnerabilities to target large groups of consumers and human rights organizations, and even to spy on corporations. The Google team has pledged transparency so that others can collaborate with them in their security research and eliminate the growing threats to data security online.
Project Zero team members have extensive experience in software security and are highly regarded in the security industry for their contributions in helping identify bugs in current popular applications and devices.
In addition to conducting research on public software, the project will create a repository of data that includes:
SSL Encryption is at the core of data security. At, we've built security vulnerability detection into every major utility and service that we offer to our customers.
Services like Certificate Inspector, which allows administrators to manage SSL Certificates used within their network, and our SSL Installation Checker automatically check websites for common security issues like Heartbleed, weak keys, and a number of other critical vulnerabilities reported by groups like Google's Project Zero.
True security today is independent of any single piece of software or device. The development of this security team and others who are doing similar work independently shows that keeping people and systems safe today takes a collective effort and depends on different parts and multiple vendors collaborating in real time to stay ahead of information security threats.