Google's Elite Security Team, Project Zero

When Apple launched the iPhone through an exclusive partnership with AT&T in 2007, seventeen-year-old George Hotz wanted to use an iPhone but not with AT&T. He wanted to make calls through his own T-Mobile network, so he cracked AT&T's lock on the iPhone [1]. Apple scrambled to fix the bug that allowed this, but officially ignored George Hotz.

Later, in 2011, Hotz reverse engineered the PlayStation 3 and posted a copy of the root keys on his website. Sony sued him but settled after Hotz promised never to hack Sony products again.

Then in early 2014, at Google's hacking competition, Hotz discovered a security hole in Google's Chrome OS. The company gave him a $150,000 reward. Two months later, Google's security engineer Chris Evans offered him a position in a team of elite hackers. George Hotz accepted the offer and now works for Google's security team, Project Zero [2].

Project Zero worked in secret until Google publicly revealed the team in July 2014. Its sole mission is tracking down and getting rid of security flaws in the world's software. These flaws are called zero-day vulnerabilities, which are a common target of cyber criminals.

Project Zero's hackers aren't just looking into the products that Google makes. They are free to hack any software in the world. Why? They want to make a safer Internet for everyone. The team's policy is simple. The team notifies vendors of vulnerabilities immediately. If fixes are not available within 90 days, bug reports automatically become available to the public. The 90-day disclosure policy appears to be working in most cases. The Adobe Flash team fixed 37 Project Zero vulnerabilities (or 100%) within the 90-day period. The Project Zero blog indicates that 85% of all vulnerabilities are patched before the deadline.

However, Google's strict 90-day policy recently came under fire from Microsoft and Apple. The Project Zero team publicly disclosed bugs which were present in Windows 8.1 and MacOS X before Microsoft and Apple released patches. Microsoft heavily criticized Google since the company was scheduled to release a patch just two days later. Recently Google loosened its 90-day policy with an additional 14-day grace period. Now vendors have an additional 14 days to patch vulnerabilities as long as they inform Google of the release schedule before the deadline.

"People deserve to use the Internet without fear that vulnerabilities out there can ruin their privacy with a single website visit. We're going to try to focus on the supply of these high value vulnerabilities and eliminate them," says Evans.
