Discussion in 'other security issues & news' started by Hungry Man, Feb 27, 2012.
Google puts $1M on the line for Chrome exploit rewards
Pulls out as Pwn2Own sponsor, but will pay up to $60K for each proven exploit
"We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits, or even all of the bugs used, to vendors," said Chris Evans and Justin Schuh, two members of the Chrome security team, in a Monday post to the Chromium blog. "Full exploits have been handed over in previous years, but it's an explicit non-requirement in this year's contest, and that's worrisome."
Re: Google puts $1M on the line for Chrome exploit rewards
Not revealing exploits is a deal breaker - at that point pwn2own becomes a game that only hurts security - fun, but you get exploits being sold off later.
Nice that Chrome exploits will still see these prizes.
Merged Threads to Continue Related Topic.
I don't understand this from here:
So how is the fix to be done?
Anyway, events have shown that at least one guy did participate.
Google gets like 20 bounties a month from white-hats for wayyyy less money. The nice part about pwn2own is the guy who just broke Chrome's sandbox now has his name out there and a nice 60k to boot.
Separate names with a comma.