Google wants to make it harder for malicious attackers—and that includes the National Security Agency—to exploit software bugs that infect your computer or steal personal data.
On Tuesday, the company revealed Project Zero, a team within Google that will work to reduce the number of people harmed in targeted attacks stemming from “zero-day” vulnerabilities, security holes that aren’t previously known and for which there are no readily available fixes.
Why is Google announcing this effort? Because Project Zero is hiring.
Google is looking for security researchers to work on discovering flaws in software, as well as researching and understanding the motivations of malicious attackers. Google didn’t say how many researchers the company is adding, but the company already has many people working on security issues.
Those interested in a job as a resident hacker will be working alongside folks like self-proclaimed “Security Princess” Parisa Tabriz, who leads the team of security engineers on Google’s Chrome browser, and Neel Mehta, who helped discover the Heartbleed bug.
Heartbleed was one of the most damaging vulnerabilities in open-source software discovered to date. It left two-thirds of the Web at risk of eavesdropping for two years thanks to a flaw in OpenSSL, a widely used piece of security software.
Project Zero will work to improve the security of software used by large numbers of people, as well as research the techniques hackers are using to target these vulnerabilities. Google says it will report bugs to the software’s vendor, and once it’s made public—meaning there’s a patch available—people will be able to learn more about the particular vulnerability, including how long it took the software vendor to fix it.
And though Google didn’t dwell on this point in its announcement, it did mention “state-sponsored actors” as a threat. Google has previously said that its systems were targeted by Chinese hackers who may be sponsored by elements of that country’s military, and former NSA contractor Edward Snowden revealed that the US intelligence agency has targeted Gmail and other Google services. Project Zero aims to protect against those threats as well as criminal hackers.
Photo by Alexandre Dulaunoy