Security News > 2020 > October > And you thought Fuzzilli was a pasta... Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines
Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.
The Mountain View ads giant said it will hand folks each up to $5,000 in Google Compute Engine credits to conduct fuzzing tests on JS interpreters, earmarking $50,000 total for the program.
Google's Project Zero hopes this offering will lead to people figuring out more efficient ways to suss out bugs in complex software that pretty much everyone uses every day without breaking the bank.
As an example of the high cost involved in probing non-trivial code, Groß said the Google Cloud virtual-machine instances used to find about 20 bugs with Google Project Zero's JS engine fuzzer Fuzzilli in 2019 would have set you and I back around $10,000.
Any CVE credits and bug bounty payouts that come along with the fuzzing work can be kept by the finder, though Google is asking that everyone involved make their work open source and share it with the rest of the world.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/02/google_javascript_fuzzing_funds/
Related news
- Google Cloud to make MFA mandatory by the end of 2025 (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- All Google Cloud users will have to enable MFA by 2025 (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)