In competition, each serious defect found worth U.S. $ 60 000.
Participant must find a loophole and exploit it.
Google announced that this year will not sponsor the competition, Pwn2Own contest which held since 2007 that pays participants for each fault found in new systems update and security.Instead, the company will make a “tournament” itself in the CanSecWest, a conference inCanada where there is the Pwn2Own, paying $ 60,000 for each serious defect that is explored in your browser, Chrome. Total values ??may be paid up to $ 1 million, according to Google.
Pwn2Own The name is a pun on the word “own” which, when written as “pwn” may be used in the context of “compromise a system.” Besides the prize money, competitors who exploit the loopholes in the systems make computers used – hence the name of the competition.
Google was a sponsor of the previous edition of the Pwn2Own, being responsible for paying participants who discovered a bug in Chrome. In 2011, despite the awards, no fault was explored in the browser. This could be repeated this year, as a rule change in the edition of 2012 exempts the researchers failed to disclose the manufacturer of software used if the error is not successfully exploited. With this, Google would not know the failure, which the company said it was “worrying.”
Google’s response was to organize a competition itself. There are three categories: U.S. $ 60 000 for exploited flaws in Chrome, $ 40 thousand for attacks that rely on flaws in Chrome as well as flaws in Windows or WebKit (software used by Chrome) and $ 20,000 in attacks that depend only faults of others, such as Flash and Windows, but which are operated from Chrome.
Participants who successfully undertake the browser will also get a Chromebook, the notebook that uses the Google Chrome OS system.
Google already has a program that rewards those who find flaws on websites or software company, but the values ??are lower. The difference is that in order to enter the competition CanSecWest held in the gap to be used successfully to an attack, which is more difficult. Normally, Google pays only for the information about the failure, not how to exploit it.
The CanSecWest occurs on 7-9 March in Vancouver, and will include both the Pwn2Own, organized by TippingPoint, HP, and competition from Google.