Google: “Break Our Code, Get a Million Bucks”

(H/T Mash­able)

Well, not really a mil­lion dol­lars, but I like where Google’s going with this idea.  It’s crowd-sourcing a search for flaws in their Chrome web browser (I don’t typ­i­cally use Chrome, I pre­fer Fire­fox) and giv­ing away cash money to those who either find the most bugs, or able to bring the sys­tem down completely.

Think of it as a use­ful way for hack­ers across the planet to make an hon­est liv­ing for once with­out hav­ing to work for the FBI’s cyber-division.

The com­pany told atten­dees at the CanSecWest secu­rity con­fer­ence in Van­cou­ver next month they can get up to $1 mil­lion in cash and Chrome­books in exchange for reveal­ing the flaws.

The aim of our spon­sor­ship is sim­ple: we have a big learn­ing oppor­tu­nity when we receive full end-to-end exploits. Not only can we fix the bugs, but by study­ing the vul­ner­a­bil­ity and exploit tech­niques we can enhance our mit­i­ga­tions, auto­mated test­ing, and sand­box­ing. This enables us to bet­ter pro­tect our users,” the Google Chrome secu­rity team wrote in a blog post.

The prizes include the fol­low­ing cat­e­gories, and mul­ti­ple rewards can be issued per category:

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account per­sis­tence using only bugs in Chrome itself.

$40,000 – “Par­tial Chrome exploit”: Chrome / Win7 local OS user account per­sis­tence using at least one bug in Chrome itself, plus other bugs. For exam­ple, a WebKit bug com­bined with a Win­dows sand­box bug.

$20,000 – “Con­so­la­tion reward, Flash / Win­dows / other”: Chrome / Win7 local OS user account per­sis­tence that does not use bugs in Chrome. For exam­ple, bugs in one or more of Flash, Win­dows or a dri­ver. These exploits are not spe­cific to Chrome and will be a threat to users of any web browser. Although not specif­i­cally Chrome’s issue, we’ve decided to offer con­so­la­tion prizes because these find­ings still help us toward our mis­sion of mak­ing the entire web safer.

Google has said so far had a spot­less record for Chrome at past con­tests of hacker.  Most of this has noth­ing to do with the Chrome prod­uct, but mostly because hack­ers are too busy break­ing into and exploit­ing Microsoft’s Inter­net Explorer, Mozilla’s Fire­fox, and Apple’s Safari browsers.

The main rea­son Google is offer­ing the money is not to see if some­one can find the break their browser, but so that it can find the bugs which can then be fixed by Google after they’re found.

The catch to sign­ing up for the con­test; you have to reveal your hacker secrets to Google.  That might be too hard to do for many com­puter hack­ers to do, even with the cash prizes.

Be Socia­ble, Share!
  • steveegg

    Google’s just look­ing for new employees/techniques so it can con­tinue to spy on everybody.

  • Bill Clement

    I’ve been using Chrome. The lat­est incar­na­tion of Fire­fox wouldn’t let me log into yahoo for some rea­son. Kept say­ing my user name was non exis­tent. I may try it again some­time down the road.