Google offers 'INFINITY MILLION DOLLARS' for bugs in Chrome
Pwnium challenge goes 24/7 to flush out bug-hoarders
Google is vastly expanding its popular annual Pwnium hack fest, by allowing hackers to vie try for limitless amounts of cash every day of the year.
The contest was previously held once a year at the CanSecWest conference in Canada, with millions in cash on offer to hackers who can take the shine off its Chromium project.
The Choc factory now wants hackers to submit their bad bugs and exploit code as soon as it surfaces, rather than hold it off for the one-day event.
Chrome security hacker philanthropist Tim Willis says the “never-ending Pwnium” will cut down barriers for entry and incentives for bug hoarding.
“We’ve received some great entries over the years, but it’s time for something bigger,” Willis says.
“Starting today, Pwnium will change its scope significantly, from a single-day competition held once a year at a security conference to a year round, worldwide opportunity for security researchers.
“For those who are interested in what this means for the Pwnium rewards pool, we crunched the numbers and the results are in: it now goes all the way up to $∞ million.”
That infinity million was grounded by the top reward for any one bug being US$50,000, the lowest offering US$500.
He says hackers with “Pwnium-quality” bug chains would likely hoard the report to claim a cash reward at the risk that code changes may require them to rework their efforts.
Hackers too requested that they be able to report whenever they like through the Chrome Vulnerability Reward Program, Willis said.
Willis did not specifically rule out the one day CanSecWest contest although it appeared likely. ®