In 2013, approximately 27 million strains of malware were created—about 74,000 new viruses every day. To neutralize these threats before they affect millions of people, as the Heartbleed bug did, Google has pulled together an elite team of cybersecurity researchers who will help find and eradicate bugs across the Internet.
Announced today, the Project Zero team has been tasked with fixing flaws plaguing the world’s software, in particular the so-called zero-day vulnerabilities: malware threats that developers have yet to address or create patches for. “You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets, or monitor your communications,” says Chris Evans, Project Zero’s “Researcher Herder,” in a blog post. “Our objective is to significantly reduce the number of people harmed by targeted attacks.”
Project Zero won’t just expose zero-day vulnerabilities in Google’s products—the researchers are expected to unearth malware on any software. Once a bug has been discovered, it will be posted to Project Zero’s public external database when a patch becomes available, and the software vendor will be contacted.
Project Zero is looking to expand its team, which already boasts some of the most prominent hackers within Google, including George Hotz, the teen prodigy who won Google’s Pwnium hacking contest in March; Tavis Ormandy, whose credits include finding zero-day threats, ironically enough, in antivirus software; and Ian Beer, who famously exposed flaws in Apple’s OSX, iOS, and Safari. Says Evans, “We’re hiring the best practically minded security researchers and contributing 100% of their time toward improving security across the Internet.”