Google is cancelling the upcoming iteration of Pwnium, the competition they have sponsored regularly over the past several years. Pwnium has been very useful for Google in protecting Chrome and Chrome OS, because the entire event is about finding holes in the Chromium project. Why did they cancel it, then? For the sake of security!
Okay okay, that sounds pretty counter-intuitive. Instead, I'll explain it the way Google does. Pwnium isn't cancelled, it is going on starting now and until the end of time. Rather than the old format, where participants had to pre-register and go to a physical meeting place on a specified date, Google is ramping up its always-open bounty system.
The types of high-importance bug reports that would generate cash prizes at Pwnium will now get similarly-sized payouts through the Chromium Vulnerability Rewards Program, which pays well-meaning hackers who share their findings. This makes the pool of potential participants much higher, since they no longer need to travel.
More importantly, there will no longer be an incentive for hackers to find a bug but say nothing until the competition date rolls around. Would you give up the $50,000 reward just so the exploit you found (and, probably, nobody else knows about) can get patched a few months sooner? With this change, these bright minds won't have to make those kinds of difficult ethical and practical decisions.
This is a good move for everyone involved.
- Chromium Blog