And you thought Fuzzilli was a pasta... Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines

Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.


The Mountain View ads giant said it will hand folks each up to $5,000 in Google Compute Engine (GCE) credits to conduct fuzzing tests on JS interpreters, earmarking $50,000 total for the program. The grants will go to security bods who can figure out better ways to bombard the software with carefully crafted data in the hope of homing in on exploitable security vulnerabilities, such as heap overflows and function pointer overwrites, that can be subsequently fixed.


Researchers can focus on any of the major JavaScript engines: Safari's JavaScriptCore, Chrome and Edge's V8, or the Firefox SpiderMonkey engine. The program is set to run until October 1, 2021, or until the cash runs out. Google's Project Zero hopes this offering ..
