From the 'Wanted Alive' files:
The PWN2OWN hacking competition has been rewarding security researchers for finding flaws in web browsers for years, but never like this.
For the 2011 iteration of the contest, Google is upping the ante by offering $20,000 to the security researcher that can successfully demonstrate a security flaw in Google Chrome.
Yeaah, they've got guts (and brains too).
Now I know what you're thinking - it's not that hard to hack a browser by way of plugins right? Well that's true, and Google won't consider those to be flaws worth $20,000 either.
"On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code," the PWN2OWN contest rules state. "If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope."
With a $20,000 bounty, the best in the world will turn their attention to Chrome in an attempt to exploit it.
The end result will be that Chrome will be more secure, whether or not researchers find a flaw or not. If they find a flaw, the competition rules require the flaw to remain private until Google discloses the flaw. If researchers can't find a flaw -- well then, that would give Google some serious bragging rights.
Either way, Google wins.
More information
http://www.guarforum.net/gsmreport/showthread.php?t=112217
No comments:
Post a Comment