There are two ways to deal with security breaches. You can wait until a vulnerability is discovered or already exploited and then act fast to find a way to correct it, or you can act in a more proactive way and ask hackers to find the breaches in advance so all the fixes can be done before any security breach is exploited. Google decided to go with the second option and wil sponsor the next Pwnium hacking contest with $2 million in reward money. The total will be split the following way:
- $60,000 for those who will be able to take control of a Windows computer using only a Chrome breach,
- $50,000 for those who will be able to take control of a Windows computer using a Chorme breach together with other Windows breaches,
- $40,000 for those taking control through a breach outside Chrome, for example in Flash, Java, Winidows...,
- the jury will also reward the discovery of other breaches that don't allow the hacker to directly take control of the computer, but could help preventing problems down the road, with the amount of prize money decided by the jury on a case by case basis.
Thanks to these rewards, Google will give incentives to hackers to show the vulnerabilities instead if exploiting them or selling them to others who could use them in 0 day attacks, before they are discovered by Google.