In 2014, Google announced Project Zero, a security research team with the mission to 'make 0-day hard'. A lot has happened since then! This talk shares the ups and downs of Project Zero's past 10 years. It starts by explaining Project Zero's mission and gives an inside look at how the team operates. We'll then look back at the state of 0-day attacks and vulnerability research in 2014, and how both changed over the years.
This talk will describe the many security bugs that Project Zero has discovered over the years, and how the actions of defenders have impacted the prevalence of exploitable vulnerabilities in many targets. It will also discuss the role of mitigations in preventing exploitation, and how increased openness and public research have led to the development of mitigations that have a real impact on attackers. The many challenges of patching, vulnerability disclosure and transparency will also be explored. Finally, we'll discuss the future of Project Zero, including lessons learned, open problems, and how everyone can work to prevent 0-days.
By:
Natalie Silvanovich | Team Lead and Security Engineer, Google
8 окт 2024
