Google announced on Tuesday that it is launching Project Zero, an internal team of security specialists tasked with finding vulnerabilities in third-party software — not to exploit them, but to alert the developers and avoid the next Heartbleed. The Heartbleed bug put the whole software industry on heightened alert, and Google, Facebook, Microsoft and many others already formed a foundation earlier this year that aimed to work with popular open-source projects to audit and improve their security. Project Zero is different, though. Google says it is creating what it calls a “well-staffed team” to “significantly reduce the number of people harmed by targeted attacks.” The idea is to improve the security of any software that a large number of people depend on. To do this, Google is hiring security researchers to staff Project Zero, and it’s looking to expand its bounties for external researchers who find security bugs in third-party software.