Google Challenges Hackers to Native Client Security Contest

Google is hosting a contest to get its hands on security flaws affecting its Native Client technology.

Native Client is an open-source research technology for running x86 native code in Web applications. As an incentive, Google is offering five cash prizes, the largest of which is $8,192. Second place is $4,096, third is $2,048 and both the fourth and fifth place prizes are $1,024. All amounts are in U.S. dollars.

“We launched this contest in order to help make Native Client more secure,” Google officials wrote in a statement. “We invite participants to discover security bugs in our technology in order to compete to win cash prizes.”

The judging will be led by Princeton professor Edward W. Felten, and will include judges from the University of Michigan, Harvard, Rice, MIT, the University College of London and the University of California San Diego.

To participate, contestants must register and accept the terms and conditions outlined by Google. Contestants may then download the latest build of Native Client and begin attacking it. Each participant must submit at least one issue in the “Native Client Issue Tracker” that describes an exploit and includes information detailed in the “Issue” section of the contest’s Terms and Conditions document.

Contestants will only get credit for exploits their team report first. Before the end of the contest, participants will need to submit a summary with the top 10 exploits they have identified. The judges will review the submitted summaries and select the top five contestants.

The contest will end just before midnight Pacific Time on May 5.