Google: “Break Our Code, Get a Million Bucks”
Well, not really a million dollars, but I like where Google’s going with this idea. It’s crowd-sourcing a search for flaws in their Chrome web browser (I don’t typically use Chrome, I prefer Firefox) and giving away cash money to those who either find the most bugs or are able to bring the system down completely.
Think of it as a useful way for hackers across the planet to make an honest living for once without having to work for the FBI’s cyber-division.
The company said that attendees at the CanSecWest security conference in Vancouver next month can get up to $1 million in cash and Chromebooks in exchange for revealing the flaws.
“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users,” the Google Chrome security team wrote in a blog post.
The prizes include the following categories, and multiple rewards can be issued per category:
$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.
Google has said that Chrome has so far had a spotless record at past hacker contests. Most of this has nothing to do with the Chrome product itself; it is mostly because hackers are too busy breaking into and exploiting Microsoft’s Internet Explorer, Mozilla’s Firefox, and Apple’s Safari browsers.
The main reason Google is offering the money is not to see if someone can break their browser, but so that it can find the bugs, which Google can then fix.
The catch to signing up for the contest: you have to reveal your hacker secrets to Google. That might be too hard for many computer hackers to do, even with the cash prizes.