Google’s leading security engineer Tavis Ormandy recently won a bug bounty challenge run by security solutions firm Bromium and decided to donate the money to charity. Following his gesture, Bromium matched Ormandy’s donation and donated $15,000 to Amnesty International organization.
However, the Google hacker decided to donate this cash bounty to the Amnesty International organization.
Bromium is known for its Bromium Enterprise Controller that uses micro-VM to protect the organizations against the notorious code executions due to users’ interactions with deceptive links or emails.
To check the security of its product, Bromium ran “The Bromium Challenge” with $15,000 prize money at InfoSec Europe Conference.
According to the company’s blog, over the period of two days, different hackers attacked a PC protected by Bromium’s solution with 189 different instances of malware, 1,500 infected files, and 4,800 websites. Still, nobody was able to crack open the security measures employed by the company.
On the last day of this event, Ormandy contacted Bromium and told the security firm about not one, but two loopholes in their micro-VM-based software.
The Google hacker fooled Bromium’s sandbox and exposed the PC for a possible remote compromise.
After Ormandy donated his $15,000 prize money to the charity organization, Bromium donated an additional $15,000.
Bromium co-founder Simon Crosby has thanked Ormandy for his white-hat professionalism. He expects the charity model to catch on the tech industry.
On the other hand, Ormandy has thanked Bromium for their gesture.