Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Google Developer Competition Aims at Chrome OS Security

    By
    Todd R. Weiss
    -
    January 30, 2013
    Share
    Facebook
    Twitter
    Linkedin

      Google wants to continue to improve the security of its Chrome operating system for users and is putting up $3.1 million in prize money to be paid out to smart developers who help find serious flaws in Chrome OS’s code.

      The prizes will be awarded in $110,000 and $150,000 increments to developers competing for the money in the latest Pwnium 3 competition to be held March 7 at the CanSecWest security conference, wrote Chris Evans, a member of the Google Chrome Security Team, in a Jan. 28 post on The Chromium Blog.

      “Security is one of the core tenets of Chrome, but no software is perfect, and security bugs slip through even the best development and review processes,” wrote Evans. “That’s why we’ve continued to engage with the security research community to help us find and fix vulnerabilities.”

      The competition will be held alongside Hewlett-Packard’s Zero Day Initiative (ZDI) vulnerability-finding event, which along with the annual Pwn2Own competition will be held at CanSecWest from March 6 to 8 in Vancouver, British Columbia, Canada.

      Google Chrome is already featured in the Pwn2Own competition, wrote Evans, so Google decided to offer a separate Pwnium 3 prize pool where developers would compete by trying to find serious security flaws in Chrome OS.

      The Pwnium 3 rewards for uncovering Chrome OS flaws have specific requirements for payment, wrote Evans.

      “The attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS,” he wrote. “Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack.

      A Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine for those who lack access to a physical device, Evans noted.

      Competitors must follow standard Pwnium rules, wrote Evans. Their entries must include the full exploit of the alleged flaw as well as its “accompanying explanation and breakdown of individual bugs used.”

      In addition, the entry exploits “should be served from a password-authenticated and HTTPS [HTTP Secure]-supported Google property, such as Google App Engine,” wrote Evans. “The bugs used must not be known to us or fixed on trunk. We reserve the right to issue partial rewards for partial, incomplete or unreliable exploits.”

      The awards for winning entries will be paid out at $110,000 for browser- or system-level compromises in guest mode or as a logged-in user, delivered via a Web page, and $150,000 for compromises made through device persistence, such as a guest to guest with interim reboot, delivered via a Web page, according to the post.

      “We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared with traditional operating systems,” wrote Evans. “This year we’ve teamed up with ZDI by working together on the Pwn2Own rules and by underwriting a portion of the winnings for all targets.”

      The new rules enable a contest that “significantly improves Internet security for everyone,” said Evans. “At the same time, the best researchers in the industry get to showcase their skills and take home some generous rewards.”

      Google often seeks input from developers to help make security and operational improvements to its products.

      Earlier in January, Google announced that it will hold hackathon events in San Francisco and New York City to collect developer input on the Google Glass effort. The events are being held Jan. 28 and 29 in San Francisco and Feb. 1 and 2 in New York. The hacking events will focus on the Google Mirror API, which provides the ability to exchange data and interact with the user. The sessions will also include discussions with Google engineers about continuing development on Glass, as well as demos with special guest judges.

      The Google Glass project was unveiled at the Google I/O conference last year as an eyewear-mounted computer that will have a wide range of innovative features when it hits the consumer market. Attendees of that conference were given the opportunity to sign up to buy early Explorer Edition versions of Google Glass for $1,500. Google officials said those versions were expected to become available in early 2013, with consumer versions expected at least a year later.

      The Google Glass demonstration at Google I/O put the basic components of the devices on display, featuring an Android-powered display, a tiny Webcam, a GPS locator and an Internet connection node built into one side of a pair of glasses. The glasses are lightweight and may or may not have lenses.

      Todd R. Weiss
      As a technology journalist covering enterprise IT for more than 15 years, I joined eWEEK.com in September 2014 as the site's senior writer covering all things mobile. I write about smartphones, tablets, laptops, assorted mobile gadgets and services,mobile carriers and much more. I formerly was a staff writer for Computerworld.com from 2000 to 2008 and previously wrote for daily newspapers in eastern Pennsylvania. I'm an avid traveler, motorcyclist, technology lover, cook, reader, tinkerer and mechanic. I drove a yellow taxicab in college and collect toy taxis and taxi business cards from around the world.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×