The Pwnium vulnerability reward program, which has so far been run by Google Inc (NASDAQ:GOOGL) during various security conferences, will now be running all throughout the year. This also bodes well for security research and will offer an unlimited pool of funds for rewards.
Origins of the contest
Pwnium was basically launched on the similar lines of the famous Pwn2Own contest for hacking, held at CanSecWest every spring. However, there are certain notable differences in both these contests. While Pwn2Own rules require contestants to make available vulnerability details and crashes that lead to the process, Pwnium requires of winners to disclose all vulnerability details in Chromium, along with the exploit.
Both contests, however, have largely been successful and a huge number of vulnerabilities and attack methods have been revealed.
Will run all round the year now
Google has made Pwnium an open contest that will now run throughout the year. Also, there is no defined limit on the amount of reward money available for those vulnerability submissions that qualify.
The Internet giant says the basic reason behind this is so that security researchers do not have to hoard risky bugs, until every next Pwnium contest. Google believes that this step will also make the contest available to many more people.
Tim Willis belonging to the Chrome security team said in a blog post on Tuesday that considering a researcher discovered a highly risky vulnerability in the present day, he/she would naturally wait till the next contest to report the bug and claim the cash award. This is basically what puts users at a great risk, as the vulnerability does not get fixed immediately. Also, bug collisions can also occur among security researchers. However, with the new implementation of the contest, researchers get to immediately report bugs.
While there was a finite amount of funds available for the rewards program under Pwnium, things seem set to change now. With the contest being open all year, there will be no such cap on the amount of money available for rewards. Willis mentioned how the rewards pool had just gone up to $∞ million.