chrome-extensions-hack

Since 2010, Google has participated in Pwn2Own, a security contest run by HP. It is a software hacking competition held annually at the CanSecWest security conference. Participants are challenged to exploit popular software and mobile devices to discover previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash reward. This allows the software developers to patch the bugs and make their products more secure for users.
Over the last few years, Google’s web browser Chrome has remained unhackable, while other browsers like Safari and Internet Explorer could not withstand the barrage of hacking attempts.

This was true until this year, when a Russian university student hacked the Chrome browser and discovered a previously unknown flaw in the Chrome sandbox – a restriction built into the software that prevents an attacker from gaining access to the user’s computer, even if the browser is compromised.

Although Chrome’s record of being hack-proof was tarnished, it did benefit the company as well as its users. Google went ahead and patched up this vulnerability within 24 hours once the exploits were demonstrated.

What is the point of these contests?

Google has invested significant time in security research for its various products. Security is a core tenet of Chromium, which is why Google sponsors, participates in and holds regular competitions to learn from security researchers. Google holds its own version of this contest, called “Pwnium”, where it offers cash prizes for Chrome-specific exploits.

The $10,000 Competition

Google has now decided to broaden the scope of its vulnerability rewards program to include all Chrome apps and extensions developed by the company. Although Chrome extensions are pretty secure (if the security guidelines are followed), hugely popular extensions like Hangouts and Gmail need special attention. That is where this $10,000 reward comes in.
The precise amount of the reward will depend upon the type of permissions and data handled by the extension or the app in question, so it can range from as little as $500 up to $10,000.
This is the current reward structure:
  • $10,000 for complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code.
  • $5,000 for moderately complex patches that provide convincing security benefits.
  • Between $500 and $1,337 for submissions that are very simple or that offer only fairly speculative gains.
Google has also decided to increase the rewards offered as part of its Patch Reward Program along with the above-mentioned competition. The patch reward program “encourages and honors proactive security improvements made to a range of open source projects which are critical to the health of the Internet.”
Open source software like Apache httpd, nginx, OpenVPN, OpenSSL, Mozilla NSS, Linux kernel etc. are part of this program. The rewards for this program are similar to the contest mentioned above.
To know more about what’s on offer, how you can get involved and other details, check out the announcement on the Google Online Security blog.

Images: technorms
The Original Article is Published at Technorms Here

TechBeastsBlog © 2014. All Rights Reserved.