[3] While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden.
[4] Other notable members include security researchers Ben Hawkes, Ian Beer and Tavis Ormandy.
The team's focus is not just on finding bugs and novel attacks, but also on researching and publicly documenting how such flaws could be exploited in practice.
[7] The 90-day-deadline is Google's way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.
[7] There have been cases where the vendor does not produce any solution for the discovered flaws within 90 days, before the public disclosure by the team, increasing the risk to already-vulnerable users.