The project brings together top security researchers to help track down fix major security flaws in popular software. After winning $150,000 in reward money from Google for finding flaws in ChromeOS, Chris Evans, a Google security engineer, contacted George Hotz asking him to join the team.
Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users.
“People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” says Evans, who now leads Project Zero. “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.”
Other members of the team include Ben Hawkes, Tavis Ormandy, and Brit Ian Beer. Google is still hiring and will soon have more than ten full-time researchers. More details in the full Wired report linked below...