Tuesday, 18 November 2014

Google’s Project Zero Cybersecurity Watch: No Excuses

Google announced Project Zero, an effort to speed up the security bug-fixing process. A team of cybersecurity experts will go after vulnerabilities in any and all software, notify the vendors, and then file bug reports in a public database so users can track the issuance of patches.

The Project Zero team has promised to send bug reports to vendors in as close to real time as possible, and to work with them to get fixes to users in a reasonable time.

The announcement will shake up software vendors, who are not noted for patching vulnerabilities rapidly; for example, Snapchat for months ignored a security vulnerability brought to its attention and denied knowledge of the flaw when the hacker published details on the Web.

Cybersecurity vendors also will be rattled.

Google is lighting a fire under software vendors to get them to take their bug-fixing responsibilities more seriously. Project Zero will ferret out flaws, report them to vendors, and then post them online, where anyone who cares can watch the clock tick until a patch is delivered. People should be able to use the Web without fear of cybercriminals or state-sponsored intruders, says Google.