Google is watching. For zero-day attacks, that is.
The tech giant has launched a research group called Project Zero, intending to “significantly reduce the number of people harmed by targeted attacks,” according to a blog post today from Google “researcher herder” Chris Evans.
The group is hiring and still taking form, but Evans gave some high-level descriptions of its plans:
We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis — and anything else that our researchers decide is a worthwhile investment.
Bugs will end up in a publicly available database, and Google researchers will try to work with software makers to let them know about potential issues “in as close to real-time as possible,” Evans wrote.
It’s hard to tell if the project could result in a cloud-based service that Google could charge companies for in some way.
Last year Google announced Project Shield as an invitation-only service for blocking distributed denial of service (DDoS) attacks against sites that serve up content related to elections, human rights, and media. But even though that could make a perfectly legitimate service on the rapidly expanding Google Cloud Platform, Google hasn’t made a peep about commercializing it.
Even with that record in coming out with new security products, startups that work to research or prevent zero-day attacks, including Invincea, Malwarebytes, and Taasera, ought to be tuning in.