Google wants to buy Native Client security flaws

Google is (indirectly) buying security vulnerabilities from white hat hackers.

Under the guise of a Native Client Security Contest, the search engine firm is offering big cash prizes to hackers who find bugs and other security flaws in the open-source research technology for running x86 native code in Web applications.

[ SEE: Android security team appeals to hackers ]

From the contest FAQ:

  • To participate, you will need to test the Native Client builds, identify security exploits which affect the current Native Client build at the time of submission and report them to our team. Our judges will review your entry. If you are one of the top five participants selected by the judges and satisfy the requirements for eligibility, then you will win a cash prize.

The judging will be led by Princeton University’s Ed Felten.

The first prize is $8,192, the second prize $4,096, the third prize is $2,048, the fourth prize is $1,024 and the fifth prize is $1,024. All amounts are in USD.

At least one exploitable defect is already publicly known.

[Source: zdnet]