Google scraps annual Pwnium bug-hunting contest

Google scraps annual Pwnium bug-hunting contest

Google said the change will prevent researchers from holding onto dangerous bugs in order to claim a big prize

Google is scrapping Pwnium, its annual bug hunting event, and folding it into an existing year-round program in part to reduce security risks.

The company held Pwnium annually at CanSecWest, a security conference in Vancouver, to find security problems in its Chrome OS, Chrome browser and affiliated applications.

But Tim Willis of the Chrome Security Team wrote in a blog post that the annual event isn't best for either researchers or the company.

"If a security researcher was to discover a Pwnium-quality bug chain today, it's highly likely that they would wait until the contest to report it to get a cash reward," Willis wrote. "This is a bad scenario for all parties. It's bad for us because the bug doesn't get fixed immediately and our users are left at risk."

It also increased the chance that the same bug might be submitted by more than one researcher, he wrote. Researchers had to attend the conference as well.

Now, researchers who find bugs in Chrome products can submit them under the Chrome Reward Program, Willis wrote, which has been around since 2010.

Awards range from a minimum of $US500 up to $US50,000, with an unlimited reward pool. But Willis cautioned that Google's lawyers say the program is "experimental and discretionary" and could be cancelled or modified.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO New Zealand newsletter!

Error: Please check your email address.

Tags GooglesecurityExploits / vulnerabilities

More about Google

Show Comments