Security Contest - Only Two Weeks Left!

[Brad Chen]

There are only two weeks left in the Native Client Security Contest and there's never been a better time to report bugs! So far we've seen twenty-four submitted issues from seven teams, so it's definitely not too late to be competitive. We've seen some great buffer overflows, information leaks and even a couple holes in the inner sandbox, but there probably are still exploitable bugs in the system. Here are some kinds of bugs we haven't seen:

• exploitable races in the service runtime
• attacks based on invalid IMC messages
• exploitable CPU errata
• scripting attacks that Native Client makes easier

See http://code.google.com/contests/nativeclient-security/ for all the details about the contest.

Happy Hunting!
The Native Client Engineering Team