|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2014-07-15 13:29:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Google's "Project Zero"
Google's newly announced
Project Zero is focused on making the net as a whole safer from attackers.
"We're not placing any particular bounds on this project and will
work to improve the security of any software depended upon by large numbers
of people, paying careful attention to the techniques, targets and
motivations of attackers. We'll use standard approaches such as locating
and reporting large numbers of vulnerabilities. In addition, we'll be
conducting new research into mitigations, exploitation, program
analysis—and anything else that our researchers decide is a worthwhile
investment." Their policy of only reporting bugs to the vendor
looks like it could result in the burying of inconvenient vulnerabilities,
but presumably they have thought about that.
Google's newly announced
Project Zero is focused on making the net as a whole safer from attackers.
"We're not placing any particular bounds on this project and will
work to improve the security of any software depended upon by large numbers
of people, paying careful attention to the techniques, targets and
motivations of attackers. We'll use standard approaches such as locating
and reporting large numbers of vulnerabilities. In addition, we'll be
conducting new research into mitigations, exploitation, program
analysis—and anything else that our researchers decide is a worthwhile
investment." Their policy of only reporting bugs to the vendor
looks like it could result in the burying of inconvenient vulnerabilities,
but presumably they have thought about that.
