Can Google make the Internet bug-free?

Google is recruiting top-tier cybersecurity experts for 'Project Zero,' which aims to find and fix bugs across the Internet. 

|
Mark Blinch/Reuters
The Canada Revenue Agency website is seen on a computer screen displaying information about an internet security vulnerability called the 'Heartbleed Bug' in Toronto, April 9.

Google announced Tuesday a new project it says will make the Internet more secure.

How exactly will the search giant take on the seemingly never-ending task of locating and fixing the bugs and hacks that proliferate across the Web? Through its very own team of hackers.

Google is calling this team Project Zero, a group tasked with researching and improving the security of any software used by large numbers of people on the Internet. 

"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," writes Chris Evans, who has recruited and put together the team for Project Zero, in a Google security blog post.

Mr. Evans explains that what are known as "zero-day" attacks – attacks that exploit vulnerabilities in patches of software that developers have not been able to fix – have proven a major threat to both companies and individual actors, such as human rights activists, who rely on the Internet. Project Zero's goal is to counter these types of attacks.

"Our objective is to significantly reduce the number of people harmed by targeted attacks," Evans writes in the post. "We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet."

Evans notes that the part-time work undertaken by security researchers has led to important discoveries like Heartbleed, the security vulnerability that made vast swaths of the Internet susceptible to attack. Now, Google wants security experts working full-time to monitor these types of problems. 

According to Wired, Google is still searching for team members and intends to ultimately assemble more than 10 full-time security researchers. Among those who have already been tapped for Project Zero include New Zealander Ben Hawkes, the UK's Tavis Ormandy and Ian Beer, and American George Hotz, who made a name for himself by hacking Google's Chrome OS defenses at the Pwnium hacking competition in March, Wired reports. The team will be led by Evans, who previously helmed Google's Chrome security team, and be mainly based in Google's headquarters of Mountain View, Calif. 

Google emphasizes that Project Zero will dedicate its talents to fixing bugs found in any corner of the Internet, not just Google software. Why? For starters, Google says this effort is for the general betterment of the Internet. Then again, if the Internet wins, so does Google. After all, Google's bread and butter is targeted advertising. And that comes from users feeling safe enough to surf the Web – and click on ads. 

“If we increase user confidence in the internet in general, then in a hard-to-measure and indirect way, that helps Google too,” Evans told Wired. 

But this project also follows recent trends taken by Google to resist government surveillance in the wake of revelations of National Security Agency spying made last year by former government contractor Edward Snowden. Mr. Snowden's leaks revealed that the US government was spying on information from Google's users, Wired points out. In response, Google has taken initiatives like the End-to-End Chrome extension, a security tool to let users encrypt their e-mails as they move from a Web browser to a recipient's inbox by turning them into a series of unreadable characters. In addition, Google's bug bounty program awards cash prizes to security researchers who find bugs in Google-owned Web properties. 

For Project Zero, bugs will be reported to the software's vendor, not to third parties. Then, in the spirit of transparency, after the vendors have had the chance to deal with the bug, all bugs will be filed in an external database where users will be able to "monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," Evans writes in the security blog post. 

"We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time," he adds.  

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Can Google make the Internet bug-free?
Read this article in
https://www.csmonitor.com/Technology/Horizons/2014/0715/Can-Google-make-the-Internet-bug-free
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe