Bug Hunters | HACKING GOOGLE | Documentary EP004

00:15:06
https://www.youtube.com/watch?v=IoXiXlCNoXg

Summary

TL;DR: The video discusses the legacy of Donald Knuth, a pioneering figure in computer science, especially noted for his work "The Art of Computer Programming." The video highlights Knuth's meticulous nature and how it delayed the publication of his work. He ultimately invited readers to report errors for a reward, a principle echoed today in software development via bug bounty programs. Companies like Google adopt these programs to enhance product security, offer monetary rewards for discovering vulnerabilities, and build a collaborative global community of ethical hackers. The video also describes how these efforts have increased significantly and led to the discovery of numerous bugs, helping improve software security industry-wide.

Conclusions

  • 📚 Donald Knuth is a foundational figure in computer science, known for 'The Art of Computer Programming.'
  • 🏅 His book is deemed essential reading, likened to a rite of passage in the programming community.
  • ⌛ Knuth's demand for perfection caused delays, leading him to seek reader-contributed error corrections.
  • 💵 The concept of rewarding error hunters is mirrored in today's bug bounty programs.
  • 🛡️ Companies like Google utilize bug bounties to identify and correct software vulnerabilities.
  • 🚀 Bug hunting engages a global community, fostering innovation and security awareness.
  • 🗂️ Bug types include functional bugs and security vulnerabilities, each affecting software differently.
  • 🌍 Bug bounty programs have expanded significantly, inviting hackers from more than 100 countries.
  • 💡 Today's bug hunters apply their discoveries to strengthen future software security.
  • ✍️ The human touch, like personalized notes, enhances the collaborative spirit in bug bounty programs.

Timeline

  • 00:00:00 - 00:05:00

    Donald Knuth is a highly influential figure in computer science, renowned for his extensive work 'The Art of Computer Programming'. Despite his perfectionist nature causing delays in publishing the book, he found a solution by inviting readers to report errors for future correction, which also included a unique reward system of 256 cents per error. This proactive approach parallels modern bug bounty programs, where companies, like Google, incentivize individuals to find and report coding errors.

  • 00:05:00 - 00:10:00

    Google has embraced the concept of bug bounty programs, encouraging individuals to find vulnerabilities in their software. This is crucial as software updates and changes continually introduce potential flaws. Through these programs, a diverse array of talented individuals participates, leading to significant discoveries that enhance security. Notable bug hunters have emerged, contributing to a more secure digital environment and sometimes transitioning from hunters to integral parts of security teams.

  • 00:10:00 - 00:15:06

    The document highlights the evolving culture around discovering and fixing software vulnerabilities. Bug bounty programs have transformed the perception of hackers from online threats to invaluable contributors to software security. By offering financial incentives and fostering a collaborative community, companies gain insights that advance their software's reliability. As these programs mature, they pave the way for future technological integrity and innovation, reflecting Knuth's wisdom on iterative improvement.

Video Q&A

  • Who is Donald Knuth?

    Donald Knuth is a renowned professor, author, and mathematician known for his influential work in computer science, particularly his book 'The Art of Computer Programming.'

  • What is 'The Art of Computer Programming'?

    'The Art of Computer Programming' is a comprehensive multi-volume book by Donald Knuth that has become a fundamental text in computer science.

  • Why is Knuth's book significant?

    Knuth's book is considered a foundational work in computer science, known for its depth and thorough analysis of algorithms and programming principles.

  • What challenge did Knuth face while writing his book?

    Knuth's perfectionism led him to repeatedly miss deadlines as he sought to make his work error-free.

  • What solution did Knuth propose for handling errors in his book?

    Knuth encouraged readers to report errors, offering 256 cents as a reward for each correction, promoting continuous improvement of the text.

  • How do modern software companies apply Knuth’s principle?

    Modern companies, like Google, implement bug bounty programs, encouraging external individuals to find and report errors in exchange for rewards.

  • What are bug bounty programs?

    Bug bounty programs invite individuals to find and report security vulnerabilities in software or systems, often rewarding them monetarily.

  • Why do companies run bug bounty programs?

    Bug bounty programs help companies identify and fix vulnerabilities to improve security and prevent exploitation by malicious hackers.

  • Who benefits from bug bounty programs?

    Both the companies, which gain more secure software, and the bug hunters, who are rewarded for their discoveries, benefit from these programs.

  • How has Google enhanced its bug bounty program?

    Google has expanded its bug bounty program by offering unlimited rewards and fostering a community of bug hunters.

Subtitles
  • 00:00:01
    [Narrator] This
  • 00:00:01
    is Donald Knuth.
  • 00:00:03
    [♪ classical music ♪]
  • 00:00:04
    [slides click]
  • 00:00:06
    Professor.
  • 00:00:07
    [slides click]
  • 00:00:08
    Author.
  • 00:00:09
    [slides click]
  • 00:00:10
    Math savant.
  • 00:00:11
    [slides click]
  • 00:00:13
    [♪ dramatic organ music ♪]
  • 00:00:15
    Pipe organist.
  • 00:00:17
    And this
  • 00:00:18
    is Donald Knuth's life's work,
  • 00:00:21
    "The Art of Computer Programming"
  • 00:00:23
    clocking in at well over 3,000 pages.
  • 00:00:27
    It's considered by many
  • 00:00:28
    to be a founding text of computer science.
  • 00:00:30
    [♪ rousing classical music ♪]
  • 00:00:32
    Bill Gates once said, "If you can read the whole thing,
  • 00:00:35
    send me a resume."
  • 00:00:37
    [mouse clicks]
  • 00:00:39
    [film projector rolls]
  • 00:00:40
    [♪ upbeat music ♪] But in 1964,
  • 00:00:42
    when Knuth was still in the middle
  • 00:00:44
    of writing volume one,
  • 00:00:45
    there was no guarantee
  • 00:00:46
    his opus would ever see the light of day.
  • 00:00:48
    [film projector rolls]
  • 00:00:49
    That's because the same perfectionist streak
  • 00:00:52
    that drove Knuth
  • 00:00:52
    to analyze his college basketball team
  • 00:00:55
    and optimize his home's kitchen
  • 00:00:56
    around the trash can
  • 00:00:57
    was getting in the way of actually publishing anything.
  • 00:01:01
    Checking and rechecking every page,
  • 00:01:03
    Knuth blew through deadline after deadline.
  • 00:01:06
    His editor demanded progress,
  • 00:01:09
    his family missed him
  • 00:01:11
    and still, volume one remained unfinished.
  • 00:01:17
    Finally, he arrived at a solution.
  • 00:01:20
    If he could not make his book perfect,
  • 00:01:22
    he would make it perfectible.
  • 00:01:24
    And so on page 12 of the preface,
  • 00:01:26
    he added a short note.
  • 00:01:28
    [typewriter keys clack]
  • 00:01:28
    “I will greatly appreciate receiving information
  • 00:01:31
    about any errors noticed by the readers
  • 00:01:34
    so that they may be corrected as soon as possible
  • 00:01:37
    in future editions.”
  • 00:01:41
    [paper rips]
  • 00:01:41
    It worked.
  • 00:01:42
    [♪ upbeat music ♪]
  • 00:01:43
    As soon as the book hit shelves,
  • 00:01:44
    error reports started coming in.
  • 00:01:46
    Mathematicians corrected flawed equations.
  • 00:01:49
    Nitpickers pointed out punctuation errors.
  • 00:01:51
    With each find,
  • 00:01:52
    Knuth mails out a reward of 256 cents.
  • 00:01:56
    That's 1-0-0 in hexadecimal,
  • 00:01:59
    in case you didn't know.
  • 00:02:00
    So far, Knuth’s got more
  • 00:02:02
    than $22,000 worth of checks.
  • 00:02:05
    They've even become a bit of a collector's item.
  • 00:02:08
    More get framed than cashed.
  • 00:02:10
    And with each new edition of his book,
  • 00:02:12
    fewer and fewer errors remain.
  • 00:02:16
    Flash forward to today,
  • 00:02:18
    and the software engineers responsible
  • 00:02:20
    for the apps and services
  • 00:02:21
    billions of people rely on
  • 00:02:22
    face a conundrum similar to Knuth's.
  • 00:02:25
    [traffic noises]
  • 00:02:26
    [machines buzz]
  • 00:02:27
    [keyboard clicks]
  • 00:02:29
    How do you make your code perfect
  • 00:02:31
    without delaying progress indefinitely?
  • 00:02:35
    You follow in Knuth's footsteps
  • 00:02:38
    and start rewarding the people that hunt down your mistakes.
  • 00:02:52
    [♪ anthemic music ♪]
  • 00:02:53
    When it's your job to keep billions of people safe online,
  • 00:02:58
    you have to live and breathe
  • 00:02:59
    and see the internet just like the attackers do
  • 00:03:03
    because the only way to stop a hacker
  • 00:03:06
    is to think like one.
  • 00:03:19
    [♪ soft music ♪]
  • 00:03:26
    This is Eduardo Vela,
  • 00:03:28
    Security Engineering Lead at Google.
  • 00:03:30
    [Eduardo] Yeah. Hello. [laughs]
  • 00:03:32
    [Narrator] Eduardo doesn't have a Knuth check,
  • 00:03:34
    but he has found thousands of errors
  • 00:03:36
    in all kinds of software—
  • 00:03:37
    including Google's.
  • 00:03:39
    [Director] Does Google have bugs?
  • 00:03:40
    [Eduardo] Sure. Google has bugs.
  • 00:03:41
    Google has vulnerabilities.
  • 00:03:43
    Everything that we do in everyday life
  • 00:03:46
    that relates to software,
  • 00:03:48
    we are putting some trust
  • 00:03:50
    on whoever wrote that code.
  • 00:03:51
    [♪ upbeat music ♪]
  • 00:03:57
    We as Googlers,
  • 00:03:58
    we recognize the responsibility
  • 00:04:00
    of the faith that people place in Google.
  • 00:04:05
    We have a team of people
  • 00:04:07
    that will look at the codes,
  • 00:04:08
    that will look at the products
  • 00:04:10
    and we look for bugs.
  • 00:04:12
    But then inevitably,
  • 00:04:13
    there is going to be something
  • 00:04:15
    that we didn't know about.
  • 00:04:18
    [Narrator] Coming up with new ways to keep bugs
  • 00:04:20
    out of Google's code is a full-time job.
  • 00:04:22
    One that's held by Christoph Kern,
  • 00:04:25
    Principal Engineer on Google's Security Foundations Team.
  • 00:04:28
    He knows more about bugs than just about anyone.
  • 00:04:31
    [Christoph] There's basically two kinds of bugs.
  • 00:04:32
    There's functional bugs
  • 00:04:33
    where the program just doesn't work correctly,
  • 00:04:35
    like some UI element.
  • 00:04:36
    You click on the button,
  • 00:04:37
    nothing happens,
  • 00:04:38
    that kind of thing.
  • 00:04:38
    [error noise]
  • 00:04:40
    And then there's security bugs
  • 00:04:41
    where the program doesn't work correctly,
  • 00:04:43
    but it has a security implication where,
  • 00:04:45
    for instance, somebody else might be able to get data
  • 00:04:48
    that they're not supposed to have.
  • 00:04:49
    [♪ soft music ♪]
  • 00:04:50
    [Narrator] He's talking about bugs like—
  • 00:04:52
    [Christoph] Memory corruption vulnerabilities,
  • 00:04:54
    buffer overflows,
  • 00:04:55
    injection bugs,
  • 00:04:56
    cross site script injection,
  • 00:04:57
    SQL injection,
  • 00:04:58
    predictable identifiers,
  • 00:05:00
    various authorization vulnerabilities.
  • 00:05:03
    I don't know.
  • 00:05:04
    Let's leave it at that, maybe. [laughs]
  • 00:05:06
    [Narrator] Fair enough.
  • 00:05:07
    But if we already know about all these bugs,
  • 00:05:09
    why do they keep popping up?
  • 00:05:11
    [Christoph] One particular challenge
  • 00:05:13
    with a software that's being delivered
  • 00:05:14
    over the internet is that it's so malleable, right?
  • 00:05:18
    Many web-facing applications basically
  • 00:05:20
    get delivered a new version every couple weeks
  • 00:05:22
    or even every week.
  • 00:05:23
    So the software is constantly changing.
  • 00:05:25
    Every time there is a change,
  • 00:05:26
    there is a possibility of introducing a subtle flaw
  • 00:05:29
    that could potentially have security implications.
  • 00:05:31
    [Narrator] So change causes bugs
  • 00:05:33
    and code is always changing.
  • 00:05:36
    Faced with this problem,
  • 00:05:37
    there are two approaches companies can take—
  • 00:05:40
    hope no one finds their bugs
  • 00:05:42
    and threaten to prosecute those who do,
  • 00:05:46
    or think like Knuth
  • 00:05:48
    and ask the community for help.
  • 00:05:50
    [♪ suspenseful music ♪]
  • 00:05:52
    [Camille] So there are a lot of people who,
  • 00:05:54
    for the intellectual stimulation of it all,
  • 00:05:57
    tend to search for vulnerabilities in systems.
  • 00:06:02
    [Royal] When you think back to this
  • 00:06:03
    community of hackers,
  • 00:06:05
    one of the things that they
  • 00:06:06
    loved doing
  • 00:06:07
    was finding something
  • 00:06:09
    that no one else has found before.
  • 00:06:12
    [Tim] I think it just comes from
  • 00:06:13
    an innate sense of curiosity,
  • 00:06:16
    wanting to figure out how things work.
  • 00:06:18
    [Eduardo] Literal translation of hacker
  • 00:06:19
    in Spanish is
  • 00:06:21
    "pirata informático,"
  • 00:06:22
    which means "information pirate."
  • 00:06:24
    I think it represents better what we do
  • 00:06:26
    when we talk about bug hunting
  • 00:06:27
    or vulnerability researchers.
  • 00:06:28
    You are looking for clues,
  • 00:06:29
    you're looking for hints
  • 00:06:30
    and you're trying to chase weird behavior
  • 00:06:32
    into something that is like a bug or vulnerability.
  • 00:06:35
    That's why it's called bug hunting
  • 00:06:37
    and yeah,
  • 00:06:38
    it's like hunting
  • 00:06:39
    [laughs] for bugs.
  • 00:06:43
    We have this program
  • 00:06:44
    called a Google Bug Hunters Program
  • 00:06:46
    in which we ask people in the world
  • 00:06:48
    that are able to find security issues
  • 00:06:51
    to tell us about it.
  • 00:06:52
    [Narrator] Across more than 100 countries,
  • 00:06:55
    thousands of amateur and professional hackers alike
  • 00:06:57
    have answered the call,
  • 00:06:59
    filing thousands of bug reports every year.
  • 00:07:02
    Over time, a few of these hunters have risen to the top,
  • 00:07:05
    the best of the best.
  • 00:07:07
    [Eduardo] Bug hunters are from all around the world.
  • 00:07:09
    They come from as many countries as you can imagine.
  • 00:07:12
    Sometimes it's very difficult to ship them gifts,
  • 00:07:14
    and that's usually how we found out
  • 00:07:15
    where exactly they are from.
  • 00:07:16
    [♪ western music ♪]
  • 00:07:17
    There is one guy named Callum. He's from the United Kingdom.
  • 00:07:20
    [Callum] I hack companies in my free time. [laughs]
  • 00:07:23
    It's the easiest way to say it. [laughs]
  • 00:07:26
    [Eduardo] There's Yesenia from Mexico.
  • 00:07:27
    [Yesenia speaks in Spanish]
  • 00:07:33
    [Eduardo] We have João Lucas Melo Brasio.
  • 00:07:36
    He used the money that we gave him
  • 00:07:37
    for rewards
  • 00:07:38
    to build companies.
  • 00:07:39
    Now he has many companies. [laughs]
  • 00:07:41
    He has houses and [beep].
  • 00:07:42
    Sorry.
  • 00:07:43
    [laughs]
  • 00:07:44
    He has houses and "stuff."
  • 00:07:47
    [Narrator] Look at the top of the leaderboard,
  • 00:07:48
    and you'll find Tomasz Bojarski,
  • 00:07:50
    the number one ranked bug hunter in the world.
  • 00:07:54
    [Tomasz] I'm number one since 2016,
  • 00:07:58
    and I'm not really putting any effort
  • 00:08:00
    into keeping number one.
  • 00:08:02
    I don't know why. People are so lazy, I guess.
  • 00:08:04
    [laughs]
  • 00:08:05
    [Narrator] But hot on Tomasz's heels
  • 00:08:06
    is a new generation of hackers.
  • 00:08:09
    One that entered the hunt before they could even drive.
  • 00:08:12
    Meet Ezequiel Pereira,
  • 00:08:14
    hacker since homeroom.
  • 00:08:16
    [♪ mellow music ♪, school bell rings]
  • 00:08:17
    [Ezequiel] When I was in high school,
  • 00:08:19
    I decided to try
  • 00:08:20
    to find like, vulnerabilities
  • 00:08:21
    in the high school website.
  • 00:08:23
    Bringing the site down
  • 00:08:27
    or editing some page to say,
  • 00:08:28
    "Oh, there are no classes," or something like that.
  • 00:08:32
    Then I got caught.
  • 00:08:34
    They suspended me for a month
  • 00:08:36
    and made me clean the high school
  • 00:08:39
    until the end of the school year.
  • 00:08:41
    [mop drags]
  • 00:08:42
    [mop bucket creaks]
  • 00:08:43
    [water splashes]
  • 00:08:44
    And that was not fun at all.
  • 00:08:46
    That was not fun at all.
  • 00:08:48
    [Narrator] Youthful hijinks aside,
  • 00:08:50
    it didn't take long for Ezequiel
  • 00:08:51
    to start putting his skills to good use.
  • 00:08:54
    [Ezequiel] In 2018,
  • 00:08:55
    I reported a security vulnerability in Google Cloud.
  • 00:09:00
    Suddenly, I get an email.
  • 00:09:02
    "Congratulations.
  • 00:09:03
    Thank you for reporting this vulnerability to us."
  • 00:09:06
    Called my mother.
  • 00:09:07
    [phone ringing]
  • 00:09:08
    "Hello, by the way,
  • 00:09:09
    Google told me that
  • 00:09:11
    a vulnerability that I had reported,
  • 00:09:13
    they would be rewarding me with $10,000."
  • 00:09:17
    Suddenly, she screamed
  • 00:09:18
    [Ezequiel’s mom screams through the phone]
  • 00:09:19
    [laughs] and I had to put away the phone.
  • 00:09:24
    [♪ dramatic music ♪]
  • 00:09:25
    [Reporter] Authorities are still deciding whether
  • 00:09:27
    to file charges against the hackers.
  • 00:09:29
    [Narrator] As long as there's been an internet,
  • 00:09:31
    there have been people like Ezequiel,
  • 00:09:33
    but there hasn't always been a way
  • 00:09:34
    for their skills to be rewarded.
  • 00:09:36
    At least not ethically.
  • 00:09:39
    Early resistance to the idea of
  • 00:09:41
    paying for bugs
  • 00:09:42
    drove hackers to the darker corners of the web,
  • 00:09:44
    where bug brokers that operate outside the law welcomed them
  • 00:09:48
    and their discoveries
  • 00:09:49
    with open arms.
  • 00:09:51
    It's a problem that still exists today.
  • 00:09:54
    [Tim] These days, you can go to websites,
  • 00:09:56
    you can look it up and see
  • 00:09:57
    what the price of a certain exploit is
  • 00:09:59
    and also,
  • 00:10:00
    if you're a security researcher,
  • 00:10:01
    you can submit that exploit into
  • 00:10:04
    what's basically known as the gray market
  • 00:10:06
    where you would sell that vulnerability
  • 00:10:08
    to a bug broker
  • 00:10:10
    who would then go sell it
  • 00:10:11
    to unspecified clients,
  • 00:10:13
    usually at a much higher price,
  • 00:10:15
    and the clients we're talking about here,
  • 00:10:17
    nation states
  • 00:10:18
    or people with very deep pockets.
  • 00:10:20
    [Director] Why would they be buying something like that?
  • 00:10:22
    [Tim] Almost certainly to use to exploit users.
  • 00:10:27
    [Narrator] In the early days of bug hunter programs,
  • 00:10:29
    rewards were given out just a few times a year
  • 00:10:31
    from a limited prize pool.
  • 00:10:33
    [♪ dramatic music ♪]
  • 00:10:34
    To counter the growing appetite of the black market
  • 00:10:37
    and to find more of the errors hiding in Google's code,
  • 00:10:40
    Tim and Eduardo had to change tactics
  • 00:10:42
    and increase the stakes considerably.
  • 00:10:46
    [Tim] We thought, "Wouldn't it be cool
  • 00:10:47
    if we said we'd pay infinity million dollars for bugs?"
  • 00:10:52
    We spoke about it. And we're like, "Well, why not?
  • 00:10:53
    Like, would there be a case where we
  • 00:10:56
    would not pay for that type of bug?"
  • 00:10:58
    No?
  • 00:10:59
    Okay.
  • 00:11:00
    Then aren't we basically saying
  • 00:11:01
    there's infinity million dollars on the table?
  • 00:11:03
    [Narrator] Since moving to an unlimited war chest,
  • 00:11:06
    bug finds have gone parabolic
  • 00:11:08
    with new records being set every year.
  • 00:11:10
    But it's not just about financial incentives.
  • 00:11:14
    Here's Katie Moussouris, CEO of Luta Security.
  • 00:11:17
    She's an expert in what makes bug hunters tick.
  • 00:11:20
    [Katie] Having a steady stream
  • 00:11:22
    of high-quality security researchers,
  • 00:11:24
    that takes a whole bunch more community building,
  • 00:11:28
    and that is something that
  • 00:11:29
    I think Google really excels in.
  • 00:11:32
    They have their own very highly skilled security researchers
  • 00:11:35
    interacting with their counterparts
  • 00:11:37
    on the outside of Google all the time.
  • 00:11:40
    [Narrator] That starts with a handwritten thank you note
  • 00:11:42
    or at least a handwritten email.
  • 00:11:44
    [Tomasz] The engineer who is taking the bug,
  • 00:11:46
    he actually writes a message to himself and says,
  • 00:11:48
    "Nice catch!"
  • 00:11:49
    "Nice catch!"
  • 00:11:50
    [João] "Nice catch!"
  • 00:11:51
    [Ezequiel] "Nice catch!"
  • 00:11:52
    [Tomasz] They always send you that.
  • 00:11:52
    [Callum] The classic Google line
  • 00:11:53
    the "nice catch," yeah.
  • 00:11:54
    They've got an emoji now. [laughs]
  • 00:11:57
    [Yesenia speaks in Spanish]
  • 00:12:01
    [João] And sometimes when you receive a,
  • 00:12:03
    "Whoa!
  • 00:12:04
    Very nice catch!
  • 00:12:05
    Oh my God, you are a superhero!!!"
  • 00:12:07
    It's nice.
  • 00:12:09
    [Tomasz] And I love that because
  • 00:12:10
    it's individual thing to you, right?
  • 00:12:12
    For the bug.
  • 00:12:12
    [Katie] And that sort of
  • 00:12:13
    direct engineer to engineer interaction
  • 00:12:16
    is one of the most powerful ways to attract outsiders,
  • 00:12:20
    way more than money.
  • 00:12:22
    [Narrator] The respect Google engineers have
  • 00:12:24
    for the hunters is about more than technical prowess.
  • 00:12:28
    It's about gratitude
  • 00:12:29
    [♪ upbeat music ♪]
  • 00:12:30
    because the bugs they find aren't just stamped out.
  • 00:12:33
    They're also studied.
  • 00:12:34
    [Katie] The best hackers in the world are ones
  • 00:12:37
    who continually learn from other hackers.
  • 00:12:40
    We are exchanging ideas,
  • 00:12:41
    learning new techniques
  • 00:12:43
    and expanding upon each other's knowledge.
  • 00:12:46
    [Narrator] Bugs reported today will be used
  • 00:12:47
    to strengthen the preventative measures of tomorrow,
  • 00:12:50
    allowing the code of the future
  • 00:12:52
    to start out a little closer to error-free.
  • 00:12:55
    [Christoph] Sometimes you see a report
  • 00:12:57
    from a bug hunter
  • 00:12:57
    where somebody found a really subtle problem
  • 00:13:01
    that actually betrays a fairly detailed understanding
  • 00:13:04
    of how the application works.
  • 00:13:06
    You wonder, "How do they figure this out," right?
  • 00:13:08
    And you're like, "Oh, this is pretty cool."
  • 00:13:10
    And then quite a few of those bug hunters end up
  • 00:13:13
    getting hired [laughs] because they
  • 00:13:16
    sort of emerge as somebody
  • 00:13:17
    who really has a particular knack for this kind of work.
  • 00:13:22
    [Narrator] Yep.
  • 00:13:22
    Sometimes the error-finders end up as system designers.
  • 00:13:26
    [Ezequiel laughs]
  • 00:13:28
    It's a journey Knuth might appreciate.
  • 00:13:30
    [♪ dramatic music ♪]
  • 00:13:31
    Today, engraved in the entry way of his home
  • 00:13:34
    are the words of Danish poet Piet Hein.
  • 00:13:37
    "The road to wisdom?
  • 00:13:39
    Well, it's plain
  • 00:13:41
    and simple to express:
  • 00:13:44
    Err
  • 00:13:45
    and err
  • 00:13:46
    and err again,
  • 00:13:50
    but less
  • 00:13:51
    and less
  • 00:13:53
    and less."
  • 00:13:55
    A fine message
  • 00:13:57
    for the next generation
  • 00:13:58
    of software engineers
  • 00:14:00
    and the bug hunters
  • 00:14:00
    that will bring their code
  • 00:14:02
    a little closer to perfection.
  • 00:14:08
    [Director] Eduardo, we are all good.
  • 00:14:09
    Thank you so much. [Eduardo] Awesome, yeah.
  • 00:14:11
    [Director] This is wonderful.
  • 00:14:12
    [Eduardo laughs]
  • 00:14:13
    [Eduardo] All right. Goodbye.
  • 00:14:14
    Have a nice day. [laughs]
  • 00:14:16
    [light switches off]
  • 00:14:26
    [♪ anthemic music ♪]
  • 00:14:27
    [Tim] Zero-day is a type of vulnerability in a system
  • 00:14:30
    that attackers know about
  • 00:14:32
    but defenders don't.
  • 00:14:33
    [Royal] And so we're gonna dedicate a team
  • 00:14:35
    to finding
  • 00:14:36
    the hardest-to-find vulnerabilities
  • 00:14:38
    and get them fixed before they're abused.
  • 00:14:40
    [Parisa] At Project Zero,
  • 00:14:41
    we rigorously,
  • 00:14:42
    ruthlessly
  • 00:14:44
    break the internet.
  • 00:14:44
    [Natalie] My motto is “Hack Everything.”
  • 00:14:47
    [Tim] The weakest point for Google
  • 00:14:48
    might be a non-Google product.
  • 00:14:50
    The implant allowed them to pull chat history,
  • 00:14:53
    photos,
  • 00:14:54
    GPS locations.
  • 00:14:55
    [Sen. Fred Thompson] Within 30 minutes,
  • 00:14:56
    the seven of you could make the internet unusable
  • 00:14:58
    for the entire nation.
  • 00:14:59
    [Tim] If the company doesn't fix the bug in 90 days,
  • 00:15:01
    we put it all online.
Tags
  • Donald Knuth
  • The Art of Computer Programming
  • bug bounty
  • software security
  • Google
  • vulnerability
  • hackers
  • algorithm
  • computer science
  • programming