Thursday, February 3, 2011

Google Puts $20,000 Bounty On Chrome In Hacking Contest

Most software companies have learned to grudgingly cooperate with researchers who expose security vulnerabilities in their products. Google, lately, seems positively excited to see its products taken to pieces by skilled hackers.

At the Pwn2Own contest next month, Google will offer $20,000 to the first security researcher who can gain full control of a laptop running its Chrome browser, a task that requires defeating the software’s sandbox protections, measures designed to isolate an attack within the browser and prevent it from accessing the rest of the machine’s operating system. The contest, run annually by security firm TippingPoint, now owned by Hewlett-Packard, will offer a total of $125,000 in cash to hackers who can be the first to hack various machines, including laptops running Apple’s, Microsoft’s, Google’s and Mozilla’s browsers, as well as mobile phones that will include the iPhone 4, BlackBerry Torch, Dell Venue and Nexus S. Successful contestants also walk away with whatever device they managed to hack.

But this year represents the first time Google has added its own bounty to that program, likely making Chrome the prime target of the contest–and, in theory, helping to keep the browser safer from real-world attacks, as all Pwn2Own hacks are disclosed to the software’s vendor before they’re released to the public. “Kudos to the Google security team for taking the initiative to approach us on this,” reads a statement on TippingPoint’s blog. “We’re always in favor of rewarding security researchers for the work they too-often do for free.”

The Chrome prize is only the latest in a string of incentives from Google for anyone who can demonstrate security flaws in its products. In January of last year, it launched a bug-buying program to pay as much as $1,337 for information about critical security bugs in its browser. Within six months, it upped that maximum payout to $3,133.70. (Both numbers contain a coded reference to the word LEET, or “elite” in hacker jargon.)

Then in November Google extended those rewards to its Web applications including YouTube, Blogger and Gmail, and soon after announced that it planned to award the first $20,000 for vulnerability information in those programs.

(this is not the end of the article, please read on at blogs.forbes.com)

Read the full article/original here: blogs.forbes.com

By: Andy Greenberg
