Google’s new initiative aims to reduce the number of zero-day vulnerabilities on the Internet by employing full-time “whitehat” hackers (hackers who discover and report vulnerabilities, rather than creating or exploiting them). Zero-day vulnerabilities, as I’ve discussed before, are previously undiscovered security holes in software. That means a hacker can gain access to, manipulate or otherwise disrupt a website or service without being detected.
Because of their secretive nature, and because there are no ways for companies or individuals to protect themselves from these exploits, zero-day vulnerabilities are incredibly valuable. So valuable, in fact, that nation states, tech companies and wealthy hackers will pay a king’s ransom to obtain them.
But Google’s Project Zero isn’t all about the money. In fact, the opposite is true: by finding, patching and publicizing zero-day vulnerabilities, Google is making it more time-consuming and difficult for bad-guy hackers to make money by searching for and selling these exploits themselves.
Nor is Project Zero about the accolades. Prior to publicly announcing the vulnerabilities discovered by Project Zero, Google will first notify the affected companies, thereby providing time for their web teams to patch their software.
Another goal of Project Zero is attack prevention. Google plans to do this by documenting and analyzing the ways that hackers execute their attacks, which will in turn help to create a more hardened Internet. Our own team of McAfee Labs™ researchers currently works to do just that, but the Internet is a vast place—so the more good guys, the better.
Despite all this, Google’s new project doesn’t mean the beginning of the end for hackers. There will always be vulnerabilities ripe for exploitation and there will always be malicious programs aimed at collecting and abusing your data. That’s why the tech industry, in conjunction with operations like Google’s, needs to reduce exploit-inducing bugs in the first place. Consumers, too, need to make sure their Internet-connected devices are protected by using security programs like McAfee LiveSafe™ service, available for your PCs, Macs, smartphones and tablets.
Google’s Chris Evans, Research Herder for Project Zero, stated in the initiative’s first blog post that you and I ought to be able to use the web without worrying over criminal or state-sponsored actors spying on us. We couldn’t agree more.