October 10, 2023 at 08:24AM
Natalie Silvanovich, a member of Google’s Project Zero, discusses her work in finding and fixing zero-day vulnerabilities. Project Zero aims to make zero-day vulnerabilities difficult to exploit by attackers. Silvanovich explains the team’s disclosure policy, research process, and the necessary skills for being a successful researcher. She also touches on ethical considerations and the difference between malicious hackers and ethical researchers.
According to the meeting notes, Natalie Silvanovich is a member of Google’s Project Zero, a group of cybersecurity researchers whose mission is to address zero-day vulnerabilities. The team identifies vulnerabilities used by attackers and works with vendors to fix them. They also share information about critical vulnerabilities to help improve software security. Silvanovich mentioned that most of her projects are individual, but she has also worked on collaborative projects. The team follows a 90-day disclosure policy for vulnerabilities, but if a vulnerability is already being exploited, the disclosure period is reduced to seven days. Silvanovich shared that her interest in cybersecurity started with an internship during her university years, and her degree in Electrical Engineering has provided her with relevant skills for her career as a researcher.
Full Article – https://ift.tt/Tl9FmEz