On Monday, Google cemented its reputation as the squarest company around (pun intended), offering prizes totaling Pi Million Dollars – that’s right: $3.14159 million in greenbacks – in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia.
Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise with “device persistence” delivered via a web page, the company announced on the Chromium blog.
“We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,” wrote Chris Evans of Google’s Security Team.
The announcement is part of stepped-up efforts by the Mountain View company to put a premium on information about security holes affecting its products, including Android and the Chrome web browser.
It comes a week after the company and HP’s Zero Day Initiative (ZDI) announced the details and prospective prizes for the Pwn2Own competition, scheduled for March 6-8, also as part of CanSecWest. A total of $560,000 is on the table there – supplied jointly by Google and HP – with individual awards ranging from $20,000 (for a hole in Oracle’s Java) to $100,000 for anyone who can compromise a fully patched version of Chrome running on a fully patched version of Windows 7, or a fully patched version of IE 10 on Windows 8. An Adobe Reader XI or Flash exploit fetches $70,000, while Firefox on Windows 7 is $60,000.
The $3.14 million pot is more than triple the $1 million offered a year ago at the first Pwnium contest. Individual awards have also increased significantly. Just 12 months ago, a “full Chrome exploit” on a Chromebook or Windows 7 system with user account persistence fetched only $60,000.
Pi Million dollars in prizes also continues Google’s long-held tradition of not-so-subtle nods to geek culture. Back in 2010, when the company first began offering monetary awards for information about security holes in its products, the top bounty for a Chrome bug was famously set at $1,337 – a sly reference to “leet,” slang for “elite” or especially skilled hackers.
Pi – or π – is a mathematical constant that expresses the ratio of a circle’s circumference to its diameter. Generally truncated to 3.14 or 3.14159, its decimal representation is an unending and non-repeating pattern of numbers.