Google has announced a new plan to tackle zero-day vulnerabilities, in a bid to reduce the number of targeted attacks.
They are calling it Project Zero.
This comes in the wake of the recent Heartbleed vulnerability, which exposed millions of websites to attacks.
Google has voiced its concern about online security, citing the exploitation of bugs in software, which allows an attacker to snoop on your communications or, worse, steal secrets. (This may be a reference to the NSA.)
Google is hiring the best security researchers for the project, to improve online security. It plans to learn about the attackers' motivation, their targets, and the techniques they employ. The team will also be conducting new research to prevent such attacks and exploitations.
This project is not restricted to websites or to Google's services alone; it will also be used to find bugs in third-party software that people use. The bugs will be filed in a database, but they will be shared only privately with the affected party, e.g. a software vendor.
The vendor, in turn, will fix the vulnerability in a patch. The vendor will file a report, visible to the public, with the details of fixing the reported vulnerability, including the time taken to fix the issue.