Google Inc. (NASDAQ:GOOG), as an organisation or enterprise, is somewhat different in its approach to developmental projects. You see, at Google the aim of a developmental project is to bring out something innovative and then do some more. In the past few months, Project Tango, Project Ara and the glucose-monitoring lenses have stood testimony to this. The latest project to come to light from the assembly lines of Google is no different; but while the former examples were more specific to smartphones, this one has a wider scope. Project Zero, as it is being marketed, is Google’s way of returning a favor to the cyberspace community. You can also view this as one of Google’s many CSR (corporate social responsibility) initiatives.
Announced a little over a week ago, Project Zero rests on a basic philosophy: Google wants people to “be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications.”
The name comes from the rising risks and threats that zero-day vulnerabilities pose for people and corporate bodies, both individually and collectively. Hence the name Project Zero.
Headed by Chris Evans, who is Google’s Security Engineer, Project Zero consists of a team of like-minded ethical hackers whose main aim, in Evans’ words, is to “significantly reduce the number of people harmed by targeted attacks.” As of now, the team includes high-profile ethical hackers such as Ben Hawkes from New Zealand, Englishman Tavis Ormandy and Switzerland-based Brit Ian Beer. Apart from them, American hacker prodigy George Hotz will also intern at Project Zero. Apparently, Google is still on the lookout for more security researchers and bug-hunters for its team. Competent and interested people can get in touch in order to partner with Google for this cause.
Project Zero will work and function on a real-time basis. What this essentially means is that as and when a bug is traced in a particular piece of software, programme, website, online service, etc., it will be reported to the concerned entity (i.e. the vendor) and recorded in an external database in which all such information will be stored and subsequently shared. There, one can monitor things such as vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces.
For those of you who are impressed by this latest move by Google, you should know that this isn’t the company’s first effort at curbing cyber crime. Google has a Vulnerability Reward Program for its own web-based products that has been active since late 2010. But this time the company wants to take things to the next level by accounting for the security of cyberspace at large; and rightly so, because if we are to believe a recent report by a leading media agency, which suggests that cyber crime costs the world economy about US$404 billion, or 0.5% of the world’s GDP, on an annual basis, the gravity of the situation and the ramifications of cyber crime become clear.
While this seems to be a very promising effort on the part of Google, two of the biggest questions on everyone’s mind will be how quickly the team at Project Zero can identify vulnerabilities in the form of bugs, and how rapidly vendors can respond by releasing bug fixes or patches for them. Perhaps this can only be answered when Project Zero is subjected to real-world tests and more information about it is made available.