Project Zero (Google)

Project Zero
Web address	googleprojectzero.blogspot.com
Owner	Google
Launched	July 15, 2014 (Script error: The function "age_generic" does not exist. ago)
Current status	Online

Project Zero is the name of a team of security analysts employed by Google tasked with finding zero-day exploits. It was announced on 15 July 2014.^[1]

History

After finding a number of flaws in software used by many end-users while researching other problems, such as the critical "Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog.^[1] While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly headed by Chris Evans, previously head of Google’s Chrome security team, who subsequently joined Tesla Motors.^[2] Other notable members include elite security researchers, such as Ben Hawkes, Ian Beer and Tavis Ormandy.^[3]

Bug finding and reporting

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released^[1] or if 90 days have passed without a patch being released.^[4] The 90-day-deadline is Google's way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.^[4]

Notable members

Past members

Notable discoveries

On 30 September 2014 Google detected a security flaw within Windows 8.1's system call "NtApphelpCacheControl", which allows a normal user to gain administrative access.^[5] Microsoft was notified of the problem immediately but did not fix the problem within 90 days, which meant the bug was made publicly available on 29 December 2014.^[4] Releasing the bug to the public elicited a response from Microsoft that they are working on the problem.^[4]

References

↑ ^1.0 ^1.1 ^1.2 Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ ^3.0 ^3.1 ^3.2 ^3.3 ^3.4 ^3.5 ^3.6 Lua error in package.lua at line 80: module 'strict' not found.
↑ ^4.0 ^4.1 ^4.2 ^4.3 Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.

External links

[announcement-1] 1.0 ^1.1 ^1.2 Lua error in package.lua at line 80: module 'strict' not found.

[2] Lua error in package.lua at line 80: module 'strict' not found.

[wired-3] 3.0 ^3.1 ^3.2 ^3.3 ^3.4 ^3.5 ^3.6 Lua error in package.lua at line 80: module 'strict' not found.

[engadget-4] 4.0 ^4.1 ^4.2 ^4.3 Lua error in package.lua at line 80: module 'strict' not found.

[5] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

Project Zero (Google)

Contents

History

Bug finding and reporting

Notable members

Past members

Notable discoveries

See also

References

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools