A new team at Google is aiming to be the cybersecurity superheroes of the Internet.
They’re looking to exterminate those nasty computer bugs that let hackers and government spies sneak into our computers — not just for Google, but for everyone.
The special team is called Google Project Zero. And whether you use products by Adobe (ADBE), Apple (AAPL, Tech30), Microsoft (MSFT, Tech30) or software most people don’t know by name, the team is working on it.
“You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Chris Evans, a Google researcher who’s leading the new effort, wrote in a blog post.
Project Zero is made up of some of the world’s smartest, well-intentioned hackers. They spend their days poking at holes in computer code we all rely on — and making sure those holes get patched.
The Project Zero name comes from the very types of bugs they’re trying to eliminate: “zero day” vulnerabilities, which are never-before-seen software flaws that hackers love to exploit.
When Google researchers discover flaws in another company’s software, they’ll quietly alert that firm. If nothing gets done soon, they’ll go public with it on their blog. And if the bug is particularly critical, they’ll put extra pressure on the company and try to develop an alternative themselves, Google (GOOG) told Wired, which first reported the story.
The team already spotted holes in Apple’s iOS device software and Microsoft’s malware protection program, and it got public nods from both.
There’s clearly a need for this kind of help. Devastating bugs that undermine our privacy and financial safety have been found in little-supported, community-maintained software we all use. That was the problem that led to the Heartbleed bug in April and the similar Handshake bug in June.
Google Glass pictures using mind control
Why the stroke of benevolence? Google says it’s part of the company’s all-around altruistic mission to make the world a better place. And ex-Google folks tell CNNMoney they back that up 100%.
But it’s also good business.
“Google realized early on that what’s good for the Internet is good for Google,” said Shuman Ghosemajumder, an executive at cyberdefense firm Shape Security.
By creating Project Zero, Google is helping shoulder a burden presently carried by nonprofits. Groups like the Electronic Frontier Foundation spot digital weaknesses that threaten online safety and develop privacy tools. But now those volunteers have help from a superpower — with super money.
“The level of investment and resources, access to Google infrastructure and knowledge takes it to a completely different level,” Ghosemajumder said.
Also, putting together a ragtag team of coding geniuses is a relatively small cost for Google compared to what it’s getting.
“This gives Google the reputation of taking security seriously,” said Jay Kaplan, an ex-NSA analyst who now leads the cybersecurity firm Synack.