From InfoWorld: Google yesterday announced a six-month bug contest that will pay up to $200,000 for an Android "bug chain," one or more successful exploits of previously unknown vulnerabilities.
Dubbed "Project Zero Prize," it differed from hacking contests that take place over one or two days: Researchers can submit entries from now until March 14, 2017. In that regard, Google's contest resembled the limited-time bug bounties that rival Microsoft has offered to focus on, among other areas and applications, in Windows 10's Edge browser.
In the case of multi-exploit entries, Google also departed from the usual contest or bounty rules by encouraging researchers to submit each link in the bug chain as the flaws were uncovered, rather than wait until all were in place and exploitable.
"Instead of saving up bugs until there's an entire bug chain, and then submitting it to the Project Zero Prize, participants are asked to report the bugs in the Android issue tracker," wrote Natalie Silvanovich, a Google security engineer, in a post to a company blog. "They can then be used as a part of submission by the participant anytime during the six-month contest period."
View: Article @ Source Site