Google recently announced Project Zero, an initiative to “to significantly reduce the number of people harmed by targeted attacks“. Project Zero is inverting the traditional bug bounty program and there are many positive elements to this new initiative. I'm a big proponent of bug bounty programs and worked with them closely at Mozilla (Mozilla created the first major bug bounty program for Firefox in 2004).
In addition to the positive elements I got a chance to also discuss some of the challenges Project Zero may face with Antone Gonsalves @antoneg at csoonline.com
Last week I delivered the closing keynote at the OWASP AppSec Apac conference held in Tokyo, Japan. Riotaro Okada, Sen Ueno, Robert Dracea
and the entire OWASP Japan chapter put the amazing conference together.
The slides are posted and a video
recording should be available soon.