Security has become an important component of every business. Many(if not all) organizations are choosing a proactive approach to security rather than a reactive one. It is better to deal with bugs and flaws in any software, before the malicious elements manipulate the same flaws for personal and monetary gains.
It is with this same thought that Google created ‘Project Zero’ in 2014. ‘Project Zero’ was also termed as the ‘Cybersecurity dream team’!! The primary aim of this project is to find flaws and vulnerabilities not only in Google products but in other products, operating systems and software. The goal is to detect “zero day vulnerabilities” which are mostly exploited by criminals, state sponsored hackers and intelligence agencies and make the Internet a safe place for all.
Once a bug was discovered by the ‘Project Zero’ team, it was intimated to the manufacturer directly. Only when a patch was released, was the bug disclosed to the public. However, if a patch was not released by the manufacturer within 90 days, then again it was released to the public.
Zero-day vulnerabilities are those bugs or loopholes that are known to a hacker but not to the vendor of the product. How do you feel when you have created a product, but do not know the bugs or drawbacks in it but somebody else knows it and is misusing it? This is exactly what was happening with a number of products – hackers were making use of vulnerabilities and exploiting it to the maximum but the vendors were clueless about what was happening.
The team included New Zealander Ben Hawkes, Tavis Ormandy, an English researcher , American hacker prodigy George Hotz, Switzerland-based Brit Ian Beer. All of the professionals were extremely good at bug hunting(finding flaws in software) and hacking.
Is ‘Project Zero’ still hiring?
The good news is ‘yes’! 🙂 Google is still hiring for its ‘Project Zero’ team. Good coding skills and the ability to do vulnerability research and exploit development are crucial skills that are needed. In addition, if you have publicly reported vulnerabilities, you have a brighter chance of getting in! For more details on joining ‘Project Zero’ visit this link.
Latest findings by ‘Project Zero’:
As early as October of last year, a security hole was plugged in for Facebook owned ‘Whatsapp’ which was discovered by Project Zero.
In March of this year, Google disclosed a flaw in the MacOS kernel.
Let’s hope Google’s ‘Project Zero’ helps in the betterment of the netizen’s Internet experience without offending anyone… 🙂
Written for the letter ‘Z’ for #BlogchatterA2Z challenge. The previous post can be found here.
It has been a pleasure writing about Information security and proverbs this entire month! I hope you enjoyed reading them as much I did writing them! See you next year!! 🙂