from the but-keep-stomping-them-bugs dept.
Thought other Soylents would be interested in this report I saw at IT World:
Google is scrapping Pwnium, its annual bug hunting event, and folding it into an existing year-round program in part to reduce security risks.
“If a security researcher was to discover a Pwnium-quality bug chain today, it’s highly likely that they would wait until the contest to report it to get a cash reward,” Willis wrote. “This is a bad scenario for all parties. It’s bad for us because the bug doesn’t get fixed immediately and our users are left at risk.”
Now, researchers who find bugs in Chrome products can submit them under the Chrome Reward Program, Willis wrote, which has been around since 2010.
Awards range from a minimum of US$500 up to $50,000, with an unlimited reward pool. But Willis cautioned that Google’s lawyers say the program is “experimental and discretionary” and could be cancelled or modified.
(Score: 5, Insightful) by Qlaras on Wednesday February 25 2015, @10:37PM
Perhaps move to keeping it running year-round, but once a year (or quarterly/biannually/etc) hold the 'event' and include any submissions since the last event's cutoff for inclusion?
That way there's still a summary of the last year's submissions, but we get the security fixes as quickly as they're found, fixed and tested.
(Score: 5, Funny) by tynin on Wednesday February 25 2015, @10:58PM
Have it be the Patchy Awards. Big name speakers from all of the cool Universities and Corporations. A panel of judges to grill each of the bug finders to find out how they came about finding and proving the problem. Behind the scenes heartfelt interviews with them showing real nerds with real world problems and how they are using this as a platform to continue to excel in life. A half time show with That 1 Guy vs Blue Man Group battling it out awkwardly. Finishing up with a game of spot the Feds in the crowd. Everyone gets to go home with the gift of being put on some watch list.
(Score: 1, Informative) by Anonymous Coward on Wednesday February 25 2015, @11:38PM
That actually sounded pretty awesome, except for one mistake: everyone is already on watch lists, guilty until proven innocent.
(Score: 2) by WizardFusion on Thursday February 26 2015, @02:50PM
Guilty until proven guilty by a secret court you don't know about.
FTFY
(Score: 0) by Anonymous Coward on Wednesday February 25 2015, @10:55PM
Does Google pay you if you find a security flaw in systemd? Or does it have to be one of Google's open source projects?
(Score: 2) by Adamsjas on Wednesday February 25 2015, @11:19PM
First Link says:
The company held Pwnium annually at CanSecWest, a security conference in Vancouver, to find security problems in its Chrome OS, Chrome browser and affiliated applications.
If you could use Chrome to remotely pwn Google's own Systemd installations they would probably have you arrested.
(Score: 0) by Anonymous Coward on Thursday February 26 2015, @01:11PM
In Soviet Russia SystemD pays you to introduce security flaws!
(Score: 0) by Anonymous Coward on Thursday February 26 2015, @12:47AM
How does ego relate to both finding bugs and collecting money?