Pwnium, Google’s yearly event where security experts can flag up vulnerabilities so they can be patched before the bad guys exploit them, is changing for 2015 – and instead of a one day affair, it will be running the year round.
Previously, Pwnium has required researchers to turn up to CanSecWest in order to present their findings in a one day event, but Google noted that it was time to expand the program, and make it accessible to more folks.
So, as mentioned it will now be running all year round, with security experts able to submit their bugs, wherever they are in the world, at any time. There’ll be no need to go through all the hassle and expense of registering for and travelling to the show. Also, instead of a set prize fund to give out as rewards to those who flag up dangerous exploits, in theory there’s an unlimited amount of money to be claimed.
In a blog post announcing the change, Tim Willis of the Chrome Security Team actually said the total reward cash available was “$∞ million”, although he added: “Our lawyercats wouldn’t let me say ‘never-ending’ or ‘infinity million’ without adding that ‘this is an experimental and discretionary rewards program and Google may cancel or modify the program at any time.’”
The top reward up for offer, by the way, is now $50,000 (£32,000).
Google says the move will not only mean more flaws will be squashed, it’ll also see the end of the practice of “bug hoarding” – in other words, finding an exploit, and keeping quiet about it, waiting to claim the cash reward at the event (meaning the exploit would sit there potentially waiting to be tapped by cyber-fiends all that time).