|Google Announces More Cash For Security Bugs|
|Written by Andrew Johnson|
|Thursday, 16 August 2012|
Google has announced Pwnium2 and has increased the level of bonuses it pays through its Chromium Vulnerability Rewards Program.
Thanks to the efforts of security researchers, Chromium has become more secure - but this also mean that finding security holes has become more difficult. Google has therefore decided to add a bonus of $1,000 or more on top of the amounts already on offer to those who report exploitable bugs. It has already retroactively awarded a bonus of $3,000 to demonstrate how the updated scheme will work.
The Chromium Vulnerability Rewards Program is ongoing and awards sums of up to $10,000 but there are bigger prizes on offer for Pwnium2. In the blog post announcing the new contest, which will take place in conjunction with the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia, Google's Chris Evans writes:
This time, we'll be sponsoring up to $2 million worth of rewards
and explains that the reward levels are closer together than previously to reflect the fact that any local account compromise is very serious.
There are three set levels with multiple awards on offer:
An indeterminate amount of money will also be awarded at the panel's discretion for "incomplete exploits" ones that are not reliable, or have an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation.As Evans explains:
For Pwnium 2, we want to reward people who get "part way" as we could definitely learn from this work. Our rewards panel will judge any such works as generously as we can.
At the first Pwnium contest, for which Google had offered up to $1million, Google actually handed out $120,000. It has given security researchers more notice for this second event and doubled the available prize money. We'll discover in October what the outcome is.
or email your comment to: firstname.lastname@example.org
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
|Last Updated ( Thursday, 16 August 2012 )|