
The question is not necessarily about technical details but more broad. I'm fascinated by the creativity involved in this process.

Since the news of Meltdown/Spectre I was wondering: How do teams like Project Zero come up with ideas to find 0-day exploits? Especially if we think of the ones mentioned which were there for decades.

Do they come in in the morning, get their coffee and say: "What would be the worst thing that could be exploited? Let's target the CPU!" And then spend an enormous amount of time studying it?

Or is it something like a coincidence: "While developing some tool I accidentally read some memory and I wondered why I was allowed to do this..."

I guess if you have a team dedicated to exploits, they wouldn't go after something by pure chance.

Edit: I'm not sure if it is a duplicate of this question. The reason: I'm not asking about the techniques of finding the exploit. It is more general: How do they even decide on a possible "victim" software. As far as I understand Project Zero, they generally try to find exploits - no matter where.

Maybe @Overmind is right though and it is too broad to ask such a question.

NoRyb

1 Answer


Your question is too broad and not really related to security, but as a general rule, if you want to discover unique things, you must follow the special path of out-of-box thinking.

From a team's leadership perspective, each opinion is considered, each scenario checked no matter how strange it may seem. In fact, the stranger the idea, the higher the priority it should have.

From a team member's perspective, you must do exactly what no one else expects, tries or even thinks to do.

So a bunch of very good people is not enough, not even close to enough. You need members who are used to innovating, you need them to work both as a team and independently, and you need to lead them properly.

Overmind
  • Thanks for the hint: Where should I / would you ask this question? I understand it is not directly related to security although it is asked in the context of security. I thought it might be a good place as it has a direct purpose - a general question like "how do you find ideas on what you could do with something you don't know" in some other stackexchange would be even less productive. – NoRyb Jan 15 '18 at 12:48
  • I think it was more fit for https://workplace.stackexchange.com – Overmind Jan 15 '18 at 12:56