As security takes the spotlight, hackers are often touted as being both smarter and faster than the average white hat. Google isn’t afraid to admit this and wants to pay up to $2 million in prizes for devastating exploits — no matter what hat you wear.
The company announced yesterday that it will award up to $2 million in prizes at the Hack in a Box conference in Kuala Lumpur to hackers who can deliver exploits and bugs associated with its Chrome Browser. The contest is called the Pwnium competition — a play on the words “pwn,” slang to take total control of something, and “Chromium,” a reference to the element Google’s Web browser is named after.
This is the second Pwnium competition Google has held. Last year, however, the company offered only $1 million in prizes.
Prizes are awarded in different levels. Those who find a “full Chrome exploit” get up to $60,000. A $50,000 prize is given to those who find a “partial exploit,” or have to use bugs in software Chrome may use but is not directly developed by the Chrome team.
A panel of judges will reward those who get part of the way but can’t make it to a full exploit. All exploits must be full documented, meaning you’ll need to record the steps you took to find the exploit. Google may also want you to demonstrate the way you found it as well.
The search giant recently changed its regular bug-reporting payment structure and is now offering $1,000 bonuses if an exploit or bug proves to be particularly valuable. That is, Google will shell out the extra cash after the fact if it turns out you poked a bigger hole than originally thought.
Forbes makes a good point in that, while Google and other companies such as social network Facebook offer cash incentives, there are much bigger entities with much deeper pockets. Governments and the police are willing to pay a lot more money for a bug that may be used to that entity’s benefit.