Google Announces 'Project Zero'; Researchers To Find Bugs & Security Issues in Non-Google Products

Tags: Google; third-party software; software bug; Project Zero

BY Akie Fronda Jul 16, 2014 11:07 PM EDT

Google's Project Zero was launched to enable the search engine giant to protect users and products against newly discovered bugs (zero-day flaws) and other security issues in third party software.

Project Zero is not the first of its kind, according to Aaron Portnoy, as other companies have already done the bug-hunting research to protect Internet users and improve their client's Non-Google software.

Google's Project Zero amounts to little more than a PR stunt. Bug-bounty programs, such as HP's Zero Day Initiative, have upwards of 1,500 researchers submitting vulnerability reports to their program," says Portnoy in an interview with Tom's Guide.

Google's Project Zero announcement, made through a blog post by its head Chris Evans, said otherwise though, emphasizing on their concern over people harmed by the third party software bugs.

"Our objective is to significantly reduce the number of people harmed by targeted attacks," said Evans in the blog post. "We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet."

Evans said that Google's Project Zero researchers are tasked to report any flaws and vulnerabilities they find in a third party software and immediately inform the software's developer. Once the report becomes public, the bug will be collated in an external database where ordinary Google users can see how long was spent by the software developer and the vendor before the bug was fixed.

Google's Project Zero team will be composed of researchers who already possess big bug-hunting successes under their belt, Wired reported. That includes 17-year old George Hotz who is known for finding a Chrome OS bug (which Google rewarded him with $150,000), Ben Hawkes who hunted and found several security issues in Adobe Flash and Microsot Office 2013 and Tavis Ormandy who proved that antivirus software can also be plagues with zero-day flaws and threat internet security of users.

Google mentioned in its blog post that it welcomes applications of those who want to become part of the Project Zero team, and they are open for rewards in every successful bug found.

"We're hiring. We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love-but in the open and without distraction," it said.