Google offers $20,000 prize in annual hack-off The annual Pwn2Own hacking contest has been so merciless at thrashing the security of popular computing products that most vendors groan when they learn their wares will be entered. Not Google. When the search company recently learned that its Chrome browser wasn't going to be included in this year's competition, which is …
I often retreat to my big latex room with gossamer-thin walls, in order to concentrate. I'm not sure if its the total inability to block out sound that does it, for me, or the banana-flavoured liquid that periodically drips from the ceiling.
I think this simile deserves to go up on the Great Wall of Bad Computer similes - somewhere in between 'Any Car Analogy' and the BBC's infamous "CPU is like the brain of a computer".
This is a brilliant way to validate a products security. When there is actual money on the line (plus the more onerous and embarrassing press coverage if flaws are found) corporate programmers are motivated to do a good job before release.
White hat hackers now have a forum to grow in talent/experience and make a few bucks to boot.
When flaws are found the companies are there to understand the issues instantly and they can be fixed quickly and economically as well. Thumb up lads. Keep it up.
This is a marketeering excercise. Every bounty is good publicity, and as marketeering budgets go, this is pocket change. Especially for ad giant google, who sit on a lot of cash but are limited in how much they can use their own ad delivery systems to promote themselves; it might easily backfire and cost them sales and credibility elsewhere.
Besides, the original was a marketing excercise too, for tipping point. The reason chrome was first excluded ("it's webkit based") is reasonable sounding bunk as the sandbox feature ought to've made it extra interesting if it _was_ about the security. But it wasn't.
Why this cannot be about security is equally simple: As a concept for securing applications, finding holes and plugging them before somebody else finds them and abuses them is, if you look at the probabilities, a losing game. We know that, the IT security showbiz knows that, but nobody is going to stop because the money's too good and it gives more tangible "results" than just writing proper code in the first place. (Banks and "due dilligence", anyone?) Even if at the end of the day that fresh patch means very little indeed in the greater scheme of securing the application.
So this is a bit of a ballsy move for google to hijack tipping point's show like that, but all the more effective for all that. I wouldn't be surprised if another fat envelope was passed backstage to sweeten the deal some more. What this'll mean for firefox --recall where mozilla gets the bulk of its income from-- in the long term remains to be seen.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
