Google recently announced “Project Zero”, a new security research team that will work towards discovering vulnerabilities. When bugs are found, Project Zero will follow a responsible disclosure process by giving the software vendor 60 to 90 days to issue patches before public disclosure. This time frame may be reduced for bugs that appear to be actively exploited.
How will Project Zero impact security research and responsible disclosure as a whole?
Listen to episode 165 of our Security Slice podcast and hear Tim Erlin, Tyler Reguly and Lane Thames discuss how Project Zero’s shorter time frame may actually aid responsible disclosure, why an in-house security research team makes business sense for Google and other possible ulterior motives behind this initiative.