It has long been widely acknowledged that a few of the best brains in IT are not always operating on the ‘right’ side of the law. In fact, some of the most brilliant minds are those that end up being behind some of the world’s most famous hacks or malware software. Perhaps unsurprisingly then one of the biggest names in search – Google – is turning to these brains to use their perspective to help protect the Internet giant, as well as the wider online population.
Dubbed the ‘Project Zero team’ these experienced hackers have avoided jail and instead been given the job of seeking out the weaknesses in Internet security – in tools such as Google Chrome and Internet Explorer – and drawing them to Google’s attention so that the worst cyber attacks can potentially be prevented. The name of the team comes from the fact that it has been tasked to find ‘zero-day vulnerabilities’ i.e. the software weaknesses that open the door to hackers. On the open market the discovery of a single one of these can sell for six figures so it’s no surprise that Google has decided to take this in-house
Unlike some other organisations that make the discovery of zero-day vulnerabilities their business, with a view to exploiting them, the Project Zero team will immediately look for fixes and details of the vulnerabilities will be published for all to read. As well as being tasked with tracking down the bugs that form zero-day vulnerabilities the Project Zero team will also be looking at how a hacking attack is carried out and using this information to try and produce guidance on the best way to deal with such an event.
Although many have commended Google’s efforts as something that could have a genuinely positive effect on the security of all users, others have pointed out that the emphasis should really be more on ensuring that software security is as advanced as it can be in the first place. This places the responsibility squarely on the software companies which, according to the opinions of a number of industry experts, should recognise that they have a duty of care to ensure their products are as secure as possible from the outset. It could take some time for all software companies to be prepared to make this commitment but in the meantime Google’s new Project Zero team is a great start.
If you’re concerned about your infrastructure and security management, ITC Secure Networking offers a range of services providing numerous organisations with assured IT. If you would like to speak to one of the team about your requirements, whether that is for whole IT outsourcing or managed network services, please get in touch.