Pwnium: rewards for exploits

Discussion in 'other security issues & news' started by Hungry Man, Feb 27, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://blog.chromium.org/2012/02/pwnium-rewards-for-exploits.html


     
  2. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Google puts $1M on the line for Chrome exploit rewards

    Pulls out as Pwn2Own sponsor, but will pay up to $60K for each proven exploit
    "We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits, or even all of the bugs used, to vendors," said Chris Evans and Justin Schuh, two members of the Chrome security team, in a Monday post to the Chromium blog. "Full exploits have been handed over in previous years, but it's an explicit non-requirement in this year's contest, and that's worrisome."
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: Google puts $1M on the line for Chrome exploit rewards

    Not revealing exploits is a deal breaker - at that point pwn2own becomes a game that only hurts security - fun, but you get exploits being sold off later.

    Nice that Chrome exploits will still see these prizes.
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    Merged Threads to Continue Related Topic.
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I don't understand this from here:
    So how is the fix to be done?
    Anyway, events have shown that at least one guy did participate.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Google gets like 20 bounties a month from white-hats for wayyyy less money. The nice part about pwn2own is the guy who just broke Chrome's sandbox now has his name out there and a nice 60k to boot.
     
Loading...
Thread Status:
Not open for further replies.