When Apple launched the iPhone through an exclusive partnership with AT&T in 2007, seventeen-year-old George Hotz wanted to use an iPhone but not with AT&T. He wanted to make calls through hsi own T-Mobile network, so he cracked AT&T’s lock on the iPhone. Apple scrambled to fix the bug that allowed this, but offcially ignored George Hotz.
Later in 2011, Hotz reverse engineered the Playstion 3 and posted a copy of the root keys on his website. Snoy sued him but settled after Hotz promise never to hack Sony products again.
Then in early 2014, at Google’s hacking competition, Hotz discovered a security hole in Google’s Chrome OS. The company gave him $150,000 reward. Two months later, Google’s security engineer Chris Evans offered him a position in a team of elite hackers. George Hotz accepted the offer and now workds for Google’s security team Project Zero.
Project Zero worked in secret until Google publically revealed the team in July 2014. Its sole mission is tracking down and getting rid of security flaws in the world’s software. These flaws are called zero-day vulnerabilities, which are a common target of cyber criminals.
Project Zero’s hackers aren’t just looking into the products that Google makes. They are free to hack any software in the world. Why? They want to make a safer Internet for everyone. The team’s plicy is simple. The team notifies vendors of vulnerabilities immediately, If fixes are not available within 90-days, bug reports automatically become available to the public. The 90-day diclosure policy appears to be working in most case. The Adobe Flash team fixed 37 Project Zero vulnerabilities(for 100%) within 90-day period. The Project Zero blog indicates that 85% of all velnerabilities are patched before the deadline.
However, recently Google’s strict 90-day policy came under fire form Microsoft and Apple. The Project Zero ream publicly disclosed bugs which were present in Windows 8.1 and MacOS X before Microsoft and Apple released patches. Microsoft heavily criticized Google since the company was scheduled to realese a patch just two days later. Recently Google loosened its 90-day policy with an additional 14-day grace period. Now vendors have an addtional 14 days to patch vulnerabilities as long as the inform Google of the release schedule before the deadline.
“People deserve to use the Internet without fear that vulnerabilities out there can ruin their privacy with a single website vistit. We’re goting to try to focus on the supply of these hight value vulnerabilities and elimnate them.” says Evans.
句式3为【主语 + 动词（vt） + 宾语】
句式4为【主语 + 动词 + 宾语（间接宾语） + 宾语（直接宾语）】
The company gave him a reward.
Chris Evans offered him a position.
The team notifies vendor of vulnerabilities.
中国式英语：The team notifies vendosrs vulnerablities.(X)
They inform Google of the release schedule.
中国式英语：They inform Google the release schedule.(X)
The team disclosed bugs. They were present in Windows 8.1.
The team disclosed bugs that were present in Windows 8.1.
The team disclosed bugs which were present in Windows 8.1.
The hackers are looking into the products. Google makes them.
The hackers are looking into the products that Google makes them.
The hackers are looking into the products which Google makes them.
熟悉关系代名词引导非限定性定语从句。这类词用于补充说明前文的内容。关系代名词前面加（,）可以理解为【连接词 + 代名词】，也是关系代名词引导非限定性定语从句和关系代名词引导限定性定语从句的区别，后面我们慢慢探索和掌握
These flaws are called zero-day vulnerabilities, and they are a common target of cyber criminals.
These flaws are called zero-day vulnerabilities which are a common target of cyber criminals.