Google runs one of the largest online businesses in the globe. Yet, even the mighty Mountain View-based company is not immune to hackers (most infamously by Chinese attackers and the NSA). As a consequence, Google has embarked on a series of efforts in recent months to bolster its internal security, as well as improve security across the entire internet. The latest and greatest of these to date is "Project Zero."
"We're not placing any particular bounds on this project"
Officially announced today on Google's online security blog, the effort is a new team of dedicated security engineers tasked with reducing the number of "zero day" vulnerabilities around the entire web. "Zero day" vulnerabilities refer to those flaws in software and services that haven't yet been fixed, allowing hackers to readily exploit them. They can occur in specific programs or websites, or on common software standards used across many websites, which was the case with the Heartbleed bug, perhaps the most widespread and devastating zero day exploit yet uncovered. Google itself was impacted by Heartbleed and is working to identify and plug similar sweeping security flaws before hackers can take advantage of them.
But Project Zero aims to go beyond just that big vulnerability. As Google's Chris Evans writes in the blog post on the project: "We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people." Once Google's crack team of engineers find a new vulnerability, they will notify only the affected company or organization at first. But after the affected company releases a fix, Google will post it and the flaw on a public database, so all of the company's users and partners can patch their own systems. Google says it's actively hiring for the Project Zero team, too. If it works out as Google hopes, zero day attacks around the web could be fewer and farther between, better for the company's business and ideally, everyone online.