Google has decided that enough is enough. Hackers, be they government-sponsored security experts or bedroom nerds with a gift for social engineering, are the latest target of Google investment, as it has announced the creation of a new team of researchers called Project Zero, which is designed to find and report security flaws in popular online services and software.
It isn’t just Google services that the team will be targeting, however, but also commercial applications and platforms run by other companies. The team will try to break into them and, if it finds a flaw in a system, will not announce it, but will quietly let the company know and may even help fix it. The idea, according to the search giant, is to minimise the harm done by online attacks.
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Google said in a blog post. But more importantly, it explained, protestors and human rights activists could be targeted by those that are arrayed against them to prevent the spreading of their messages and news. This is something Google wants to make sure does not happen.
To staff the Project Zero team, Google is said to be hiring the best security researchers in the world and no doubt a few white hat hackers. The team will take into consideration likely targets and hacker motivations when considering what software could be affected, to see if there are any holes in its security.
On top of this, Google will also publicly announce any bugs it finds (after they’ve been patched), allowing the world to see how seriously companies take their customers’ security by measuring their time-to-fix performance.
On top of paying its own team, though, Google will also be considering extending bounties or reward systems to members of the community and those not part of Project Zero, to encourage them to help make the web a safer place as well.
KitGuru Says: This sounds like a pretty sweet deal for you and me. We get a safer web and Google foots the bill. It may encourage companies to be more secure in their own developments as well, which is, again, good news for us.