According to the MIT Technology Review, “Google runs some of the most venerated cybersecurity operations on the planet: its Project Zero team, for example, finds powerful undiscovered security vulnerabilities, while its Threat Analysis Group directly counters hacking backed by governments, including North Korea, China, and Russia.”
Handling of zero-day hack-attacks leave questions
The MIT article reports the public disclosure effectively shut down a “live counter-terrorism” cyber mission. It “is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down.” The disclosure of the source of zero-day hack-attacks closed the operation.
It is still uncertain who was running the counter-terrorism operations. But the debate is ongoing. Should it have been considered “out of bounds” for public disclosure? Or was it important the vulnerabilities be revealed so they could be “fixed”? The mission is to, “protect users and make the internet more secure.”
