Algorithm
Review
Google's Elite Security Team, Project Zero
When Apple launched the iPhone through an exclusive partnership with AT&T in 2007, seventeen-year-old George Hotz wanted to use an iPhone but not with AT&T. He wanted to make calls through his own T-Mobile network, so he cracked AT&T's lock on the iPhone. Apple scrambled to fix the bug that allowed this, but officially ignored George Hotz.
Later, in 2011, Hotz reverse-engineered the PlayStation 3 and posted a copy of the root keys on his website. Sony sued him but settled after Hotz promised never to hack Sony products again.
Then in early 2014, at Google's hacking competition, Hotz discovered a security hole in Google's Chrome OS. The company gave him a $150,000 reward. Two months later, Google's security engineer Chris Evans offered him a position in a team of elite hackers. George Hotz accepted the offer and now works for Google's security team Project Zero.
Project Zero worked in secret until Google publicly revealed the team in July 2014. Its sole mission is tracking down and getting rid of security flaws in the world's software. These flaws are called zero-day vulnerabilities, which are a common target of cyber criminals.
Project Zero's hackers aren't just looking into the products that Google makes. They are free to hack any software in the world. Why? They want to make a safer Internet for everyone. The team's policy is simple. The team notifies vendors of vulnerabilities immediately. If fixes are not available within 90 days, bug reports automatically become available to the public. The 90-day disclosure policy appears to be working in most cases. The Adobe Flash team fixed 37 Project Zero vulnerabilities (or 100%) within the 90-day period. The Project Zero blog indicates that 85% of all vulnerabilities are patched before the deadline.
However, recently Google's strict 90-day policy came under fire from Microsoft and Apple. The Project Zero team publicly disclosed bugs which were present in Windows 8.1 and MacOS X before Microsoft and Apple released patches. Microsoft heavily criticized Google since the company was scheduled to release a patch just two days later. Recently Google loosened its 90-day policy with an additional 14-day grace period. Now vendors have an additional 14 days to patch vulnerabilities as long as they inform Google of the release schedule before the deadline.
"People deserve to use the Internet without fear that vulnerabilities out there can ruin their privacy with a single website visit. We're going to try to focus on the supply of these high value vulnerabilities and eliminate them," says Evans.
Tip
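1. When writing code, if a ready-made utility is available, prefer using it (such utilities have been tested and are stable and efficient). One small utility I learned about: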
String result = org.apache.commons.lang3.BooleanUtils.toString(true, "1", "0"); // result:1
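2. After joining a new project team, I came across an object that has to load data from seventy or eighty files when it is initialized, and almost every task depends on this object. Every new data source gets added on top of it, which has made it hard to refactor. Because so much data is loaded at initialization, all of it gets loaded even when only one or two of the data sources are needed, which takes a long time. My takeaway is that it is best to separate each data source into its own class at design time, and then selectively initialize only the classes for the data sources that are needed.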
Share
"Cache Update Patterns" (《缓存更新的套路》)