Google announces winner of the Native Client Security Contest
Google has announced the winner of its Native Client Security Contest, which had a total of 600 security specialists searching for security holes and design flaws in the code of Google's forthcoming project. The Native Client system is designed to give web applications access to the client processor's full performance, while maintaining browser neutrality, operating system portability and security. Consisting of a runtime environment and a browser plug-in, the client is compatible with Firefox, Safari, Opera and Google Chrome, but it is not available for Internet Explorer. Google is likely to integrate the client into Chrome before the end of the year.
The winning team "Beached As", consisting of Mark Dowd of IBM's X-Force and the independent security specialist Ben Hawkes, reported twelve valid security issues to Google, including several vulnerabilities in the validator, a component designed to detect and block malicious code before it can be executed. In second place, a team of three security professionals from Matasano Security found three security holes. There were five winners overall.
In its announcement, Google emphasises that none of the detected flaws represents a fundamental architectural weakness in Native Client. Mark Dowd even praised the high quality of the source code he examined.
- Google goes Native Client, a report from The H