When the hacker event Pwn2Own opens next month Google will participate in a new way. Instead of sponsoring the even it will host its own competition – with up to one million dollar to the one who cracks the Chrome browser.

Pwn2Own is a competition where hackers get a chance to show their skills on various software, like operating systems, browsers and other applications, and win prizes while doing so. In return the developers gets a chance to find security holes in their software and fix them as soon as possible. Google has sponsored the event since 2009, but changes in the rules has made the company change its own participation

”We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits, or even all of the bugs used, to vendors.[…]Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome,” Chris Evans and Justin Schuh, Chrome security team at Google

The change of rule Google points to was made clear in a Twitter update by ZDI (Zero Day Initiative, a biug finding initiative from HP TippingPoint), that is is the main sponsor and arrange the event. In the update it was concluded that the participant only needed to hand in a report to the develop if they win a competition – if they succeed in finding security holes, but if they don’t win they can keep the information to themselves, which Google thinks is a serious security flow in the competition.

Instead Google has decided to hold its own competition parallel to Pwn2Own at the computer security conference CanSecWest. Unlike previous competitions, where Google promised a reward up to 20,000 dollar for an exploit that builds on only Chrome in Windows, Google now offers 60,000 dollar for the same achievement. It also offers 40,000 dollar for an exploit that builds on Chrome together with holes in other software, such as in Windows itself. Google has put a roof at one million dollar though, so those who wants to cash in better do it fast.

To prevent that an exploit found in Google’s competition is used in Pwn2Own all participants have to present their exploits to Google, no matter if they win or not.

Source: ComputerWorld

Leave a Reply

Please Login to comment
  Subscribe  
Notifiera vid