Expert Hacker Debugging the World’s Software
One of Google’s “secret team of bug-hunting hackers” is New Zealander Ben Hawkes. A member of Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software, Hawkes was essentially headhunted after winning the “Google Native Code” competition, which exposed a number of security vulnerabilities.
Hawkes has been credited with discovering dozens of bugs in software like Adobe Flash and Microsoft Office apps in 2013 alone.
Whether Project Zero can actually eradicate bugs in such a wide collection of programs remains an open question. But to make a serious impact, the group doesn’t need to find and squash all zero-days, Hawkes says. Instead, it only needs to kill bugs faster than they’re created in new code. And Project Zero will choose its targets strategically to maximize so-called “bug collisions,” the cases in which a bug it finds is the same as one being secretly exploited by spies.
“On certain attack surfaces, we’re optimistic we can fix the bugs faster than they’re being introduced,” he says. “If you funnel your research into these limited areas, you increase the chances of bug collisions.”
More than ever, in other words, every bug discovery could deny attackers an intrusion tool. “I’m confident we can step on some toes.”
Original article by Andy Greenberg, WIRED, July 15, 2014.
Photo by Ariel Zambelich/WIRED.