Sunday, June 26, 2016

Week 3
CYBR-650
Project Zero, Google’s Secret Team of Bug-Hunting Hackers 


Project Zero is Google's new security project dedicated to finding flaws on the Internet. Project Zero's objective is to reduce the number of people harmed by targeted attacks and make the Internet safer. So far, Google's security team has worked hard to secure its own products like Google Search, Gmail, and Drive. With this project, it plans to look into non-Google technologies. It wants to locate and report large numbers of vulnerabilities and conduct new research into mitigations, exploitation, and program analysis. Once vulnerabilities are located, the team will notify the software's vendor about the bug and give them 60-90 days to resolve the issue. After the deadline, it will make the information public on the Project Zero website. I think it's the right way to do it and this will motivate other software vendors to fix their vulnerabilities faster.
Project Zero wants to assemble the best and brightest security researchers to track down and neuter the most insidious security flaws in the world's software. The team has recruited security experts like Chris Evans, who previously led Google's Chrome Security Team; Ben Hawkes, who has been credited with discovering dozens of bugs in software like Adobe Flash and Microsoft Office apps; and George Hotz, who was able to crack the AT&T iPhone in 2007.
Project Zero is a good initiative by Google. Their effort to improve Internet security for all Internet users is commendable. I hope other giants like Yahoo, Microsoft, and Facebook will follow Google's lead in liberating the Internet. Google might be spending more on this project. It also helps Google to recruit top talent. Google also benefits from having more users on the Internet clicking ads on Google-related sites. According to Evans, "People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit." But time will tell whether it was a PR stunt by Google or a real attempt to help the Internet community.

Sunday, June 19, 2016

Week 2
CYBR-650
We can find almost anything on the web, and the same is true for IT security-related information. As a security professional, you might want to limit your resources to credible sources. Below is a list of some that you should know as a security professional.

Vendor websites - Vendor websites are one of the best resources for finding out about possible vulnerabilities. Vendor sites provide security advisory notices with instructions on how to fix the issue. They also provide the latest patches and service packs. You can subscribe to their newsletters so that you are one of the first to know about new products or security vulnerabilities. If your network is Windows-related, then you may want to visit http://technet.microsoft.com. If you are using Unix, Linux, or Mac OS, then you have to visit their websites.

National Vulnerability Database (NVD) - NVD is the U.S. government repository of standards-based vulnerability management data, and it is under NIST's Computer Security Division. It supports many U.S. government agencies like OSD, DHS, NSA, DISA, and NIST's Information Security Automation Program. NVD data helps to enable the automation of vulnerability management, security measurement, and compliance. It provides CVE vulnerabilities, checklists, US-CERT alerts, and vulnerability notes. Each CVE vulnerability is listed with its CVSS score and a ranking of Low, Medium, or High.

United States Computer Emergency Readiness Team (US-CERT) - US-CERT is another government entity, under the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD). It was created to protect Internet infrastructure against cyber attacks. It is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. You can subscribe to their bulletins to get the latest information regarding cyber attacks and security. You can also report a cyber incident or software vulnerability through their website.

SANS Institute - SANS was established in 1989 as a cooperative research and education organization. It is one of the most trusted sources for computer security, training, certification, and research. It provides training in the diverse fields of security administration, forensics, and auditing. It maintains, for free, the largest collection of research documents related to information security. It maintains the Internet's early warning system, called the Internet Storm Center (ISC). ISC provides free analysis and warning services to fight back against attackers. It also founded the Global Information Assurance Certification (GIAC) entity, which helps validate the skills of information security professionals.

Antivirus solution providers - There are many excellent antivirus solution providers like Symantec, McAfee, and Kaspersky. They have websites where you can find the latest threat activity. For example, Symantec has a page dedicated to Security Response at http://www.symantec.com/security_response/. It provides information on how to protect against security threats that include malware, security risks, vulnerabilities, and spam. It has a listing of known threats and risks with detailed information like what type of threat it is, the threat assessment, when it was discovered, what type of systems are affected, and how it can be resolved.


Sunday, June 12, 2016

CYBR 650 - Post 1
This is the blog site that I will be using for the CYBR 650 - Current Trends in Cybersecurity class. This is a Capstone course of the MS in Cybersecurity program. We will be discussing the identification and management of threats and vulnerabilities within an enterprise security program. I am looking forward to reading/learning about the different technologies classmates will be presenting on. I have one more class to go to complete the MS in Cybersecurity.