Researchers can submit bugs to VRP, prize pool is infinite

Feb 26, 2015 15:08 GMT

The Pwnium hacking contest organized by Google each year for one day at a major security conference is no more; but the good news is that the company decided not only to preserve the purpose of the project but to sponsor it with an unlimited amount of money, all year long.

The competition was held on an annual basis at the CanSecWest security conference in Vancouver, Canada, and allowed skillful hackers to demonstrate the exploits they would find for the Chromium project.

In 2014, the prize pool was $1 million / €890,000. Participants had to register with their findings and be present at the conference in order to get into the contest.

Prize pool is now unlimited

Under Google's new decision, this is no longer necessary: security researchers from all over the world can now submit their exploits without being limited by a registration process, travel or any unexpected trouble.

The submissions can be made to the Chrome Vulnerability Reward Program (VRP) whenever they are ready. “For those who are interested in what this means for the Pwnium rewards pool, we crunched the numbers and the results are in: it now goes all the way up to $ [infinity] million,” Tim Willis of the Chrome Security Team says in a blog post.

Bug collision risk has been eliminated

Apart from removing barriers to entry, Willis says that the new scheme also eliminates the possibility of bug hoarding. Hoarding was bad because two or more researchers could make the same discovery and sit on it, leaving Google’s customers exposed until the exploit was revealed.

The new model eliminates these risks and pushes researchers to channel their effort to different flaws in case of bug collision. Moreover, Google gets to deploy fixes for the glitches faster.

Another reason for making the changes was that the hackers, too, wanted to have the option to report their findings all year long.

Briefly put, the Chrome VRP now receives the bug chains that would usually be reserved for the Pwnium competition, and it increases the top reward to $50,000 / €44,500.