Google asks to be exploited!
Google has issued a challenge, in the form of the Native Client Security Contest, for coders to find security holes in Native Client, their open source research technology for running x86 native code in web applications.
Starting from Wednesday the 25th of February and running for the next ten weeks (ends May 5th), the contest offers the possibility of substantial cash prizes, up to $8,192, to those who can craft an successful exploit for Native Client. Google points out that, in addition to the cash prizes, originators of working exploits will also, of course, gain the attention of leading security experts.
To take part contestants must register either as an individual or team, then download the latest build and attack it to find security holes. Any holes found should be reported by entering the exploit on Google’s Native Client Issue Tracker web site using the "Security Contest Template" and credit will go to the first report of a specific issue.
Google don't mention if the Google development team will continue to close security holes, or if the Native Client build will be frozen, during the duration of the contest.
All entries will be reviewed by a panel of experts, chaired by Edward Felten of Princeton University who will select the five eligible entries with the most high-impact bugs. These winners will receive cash prizes to complement the kudos. The competition is subject to Google's published terms and conditions.
(trk)