avis Ormandy works at Google and he’s the company’s one of the most respected security researchers. In a recent development, he won a $15,000 bug bounty for finding a bug in Bromium’s–a security vendor–micros-virtualization technology.
However, the Google hacker decided to donate this cash bounty to the Amnesty International organization.
Bromium is known for its Bromium Enterprise Controller that uses micro-VM to protect the organizations against the notorious code executions due to users’ interactions with deceptive links or emails.
To check the security of its product, Bromium ran “The Bromium Challenge” with $15,000 prize money at InfoSec Europe Conference.
According to the company’s blog, over the period of two days, different hackers attacked a PC protected by Bromium’s solution with 189 different instances of malware, 1,500 infected files, and 4,800 websites. Still, nobody was able to crack open the security measures employed by the company.
On the last day of this event, Ormandy contacted Bromium and told the security firm about not one, but two loopholes in their micro-VM-based software.
The Google hacker fooled Bromium’s sandbox and exposed the PC for a possible remote compromise.
After Ormandy donated his $15,000 prize money to the charity organization, Bromium donated an additional $15,000.
Bromium co-founder Simon Crosby has thanked Ormandy for his white-hat professionalism. He expects the charity model to catch on the tech industry.
On the other hand, Ormandy has thanked Bromium for their gesture.
Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.
No comments:
Post a Comment