Project Zero will be focusing more on the zero-day vulnerabilities or zero-day attack, which are threats that take advantage of a previously unknown susceptibility in an app or Web service that has not been addressed or patched by developers.
In a blog post Chris Evans, Google's Researcher Herder said, "Security is a top priority for Google. We've invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centres. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed (It is a serious vulnerability in the popular OpenSSL cryptographic software library). The success of that part-time research has led us to create a new, well-staffed team called Project Zero."
Google also confirmed that it is hiring security researchers for the Project Zero team. The search engine giant further confirmed that the team will work to enhance the security of any software depended upon by large numbers of people, and will not focus only on Google services. The Project Zero team's attempt will be to locate and report large numbers of vulnerabilities, and any bug discovered by the team will be filed in its external database. Google revealed that it will be reporting bugs to the software's vendor and will not involve third parties. "We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time," the blog post added.
The search giant further detailed the Project Zero mission in the blog post, "Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis-and anything else that our researchers decide is a worthwhile investment."