Google boosts bug bounty

Powered by SC Magazine
 

Cash prizes double.

Google will raise the value of prizes at its next Pwnium competition to be held at the upcoming Hack in the Box conference in Malaysia.

The company will increase the bounties it pays researchers who discover vulnerabilities in Chromium, the open-source framework on which the Chrome web browser is based.

It will hand out $2 million in payoffs at the hacking conference including $US60,000 for researchers who pull off a "full Chrome exploit," which involves an attack that leverages only vulnerabilities in the Chrome browser.

The internet giant also is giving away $US50,000 for a "partial Chrome exploit," which requires the use of bugs in third-party software.

"Exploits should be demonstrated against the latest stable version of Chrome," Google software engineer Chris Evans said.

"Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we'll be giving away to the best entry.) Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit."

Google launched the Pwnium contest in March at the CanSecWest hacker conference in Vancouver, at which it offered $US1 million in prizes.

It also announced it is adding $US1000 to its base bounty for Chromium vulnerabilities, doubling the previous value.

Evans said the company is augmenting the reward because it has noticed a dip in submissions to the bounty program, which launched in January 2010.

"This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger," he wrote.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Google boosts bug bounty
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 327

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 136

Vote