It’s no secret that Google has taken great interest in the security of their Chrome browser. They have gone to great lengths to provide users with the most secure experience while browsing as they possibly can, and they do this in part by holding an annual competition every year called Pwnium, which gives users one full day during the CamSecWest conference to present any exploit findings in Chrome that Google may have missed themselves. The reward? A large sum of cash for the hard work and efforts put forth in helping to make Google’s browser more secure. Google is changing things with Pwnium though and turning this once a year opportunity into something that can be done all year round.
The reason Google is making this change is because they feel it will do more to foster a drive for hackers to present findings of bugs or exploits when they find them, as opposed to sitting on the information until the annual contest. So, the changes are all about better security, which actually makes a lot of sense given that the rewards(which are now up to $50,000 for the top reward)are available all year. Google also stated that their researchers had been requesting the ability to find and present bugs as a year round affair as opposed to just once a year on a single day. Google saw the demand for this opportunity and in addition to it moving Chrome towards better security for everyone, it was something that was constantly being requested.
As part of this change, Google will be altering somethings to the Pwnium competition, first and foremost, terms for registration requirements. Essentially with this change, there are no longer any restrictions for submitting bug chains to be eligible for the reward money. Security researchers can submit bugs when they find them any day of the week, all year long. Also, as explained briefly above Google has removed the incentive to sit on bugs until the competition date just so researchers could be eligible for the reward money, which in the long run really helps no one as it potentially keeps Chrome open to more security flaws. That’s also assuming that no one else has found the same bug. This way, if researchers feel they may have found something first they have an incentive to present things immediately instead of waiting. This is certainly a better solution to Chrome’s potential security woes, should researchers find any.