Pwn2Own Contest Puts Bounty on Browser Vulnerabilities
Dog the Bounty Hunter, known for his shirtless leather vest approach to dressing and his less than tactful approach to apprehending bail jumpers, may not be ready for the next round of bounties coming down the pike. This year, at the CanSecWest in Vancouver, companies like HP and Google are offering rewards for hackers and research teams who can exploit zero-day vulnerabilities within the most common browsers.
|Pwn2Own Contest Puts Bounty On Browser Vulnerabilities|
This contest, known as Pwn2Own, has been an annual event at CanSecWest since 2007. Though in past years it has been criticized for randomly drawing participants and removing browsers once it had been exploited, this year the browsers will be fair game until the end with points awarded to the participant for each successful attack. In addition, the prize money offered is substantially larger, paying out $60,000 for first place, $30,000 for second and $15,000 for third. Google will also offer strictly Chrome based awards, paying $20,000 for a successful sandboxed exploitation and $10,000 for other unique attacks.
The goal of Pwn2Own, of course, is to find the vulnerabilities so they can be patched in the future. Though some may take issue with this methodology, it’s common practice these days. As has been said far too many times in literary history, it takes a criminal to catch a criminal. This is simply the software version of hiring an ex theif to expose the weaknesses in your home security system. And while I hope none of the participants come with Dog’s cliche catch them then try to recuperate them in the backseat of his car methodology, the increased prize money is sure to attract a plethora of hacker bounty hunters.