The search giant announced earlier this year that it would buy security bugs that researchers find in Chrome, another tactic aimed at shoring up its security.
American researchers who expose security bugs have faced a similar backlash, especially when those flaws are made public before companies have a chance to patch them.
FORBES: Indian Researcher Who Showed E-Voting Security Flaws Jailed, Denied Bail, Charged With Theft
But the Chiasso, Switzerland-based company has a serious purpose: It offers an eBay-style Web auction platform for security bugs.
Unlike other challenges released by Overthewire, Natas focuses exclusively on exploiting web security bugs in servers, according to its creator, Steven Van Acker, a computer science graduate student at Katholieke Universiteit Leuven in Belgium.
FORBES: Hurricane-Bound Hacker? Here's A Rainy Day Web-Hacking War Game
When IBM filtered those unpatched security flaws by severity, however, Google came out as the least likely to patch critical security bugs in its software that would allow a hacker to completely hijack a target system, leaving 33% of those high severity flaws unpatched over the first half of the year.
Google just announced the release of Jarlsberg, a microblogging app specifically designed to be full of bugs and security flaws.
FORBES: Google Releases Vulnerable, Bug-Ridden App--On Purpose
Over the past year, security researchers have revealed bugs in practically every piece of virtualization software, including products from virtualization heavyweights VMware and Microsoft.
The company has been famous over the years for writing bloatware riddled with bugs and security holes you could drive an entire Wikileaks through.
Heffner, like most security researchers revealing dangerous bugs, argues that releasing an exploit may be the most effective way to draw attention to the severity of the problem and convince both browser and router makers to fix the fundamental vulnerability.
Sandboxed or not, the security of Chrome's users will depend on who finds those bugs first, says Web security guru and White Hat Security Chief Technology Officer Jeremiah Grossman.
Facebook says it uses data from unclicked "Like" buttons only for security purposes and to fix bugs in its software.
This loose coalition of security researchers aims to produce fixes for bugs for which there are no official patches.
According to security firm Symantec, only eight such bugs were spotted in 2011.
As part of its monthly security roundup, Microsoft will fix 28 bugs tomorrow (June 12) in several of its programs, including Windows, Internet Explorer and Office.
Hedge fund managers are paying security firms to check their offices and homes for bugs and listening devices, according to the FT.
Critical parts are typed up by hand and, despite a wealth of testing tools that claim to catch bugs, the complexity of software makes security flaws and errors nearly unavoidable and increasingly common.
But Chrome's security will depend on how often and what types of bugs can be found in its code, says Ullrich.
Security researchers have long criticized Microsoft for refusing to pay bounties for bugs they find in its software, a practice adopted by Google, Facebook and other tech firms.
FORBES: Microsoft Offers $200,000 Prize For Silver Bullet Against Hackers
JailbreakMe uses two bugs that allow far more access to devices no matter what security settings their owners use.
FORBES: Apple Patches JailbreakMe: Will iPhone Jailbirds Sacrifice Liberty For Security?
But Dave Aitel, chief technology officer of another vulnerabilities broker called Immunity, says that security professionals will never be able to offer hackers as much money for software bugs as the bad guys.
Miller joined a Baltimore company called Independent Security Evaluators in 2007, and his contract hasn't allowed him to sell bugs independently.
Last year net security specialist Kaspersky said that 50% of hacks carried out by seeking out software bugs were done via Java.
Oracle typically issues security patches for Java every quarter but it tore up the usual schedule because the bugs were being increasingly abused.
Today, several IT security companies are moving into that chaotic marketplace to broker a more equitable exchange of software bugs for dollars.
The Polish firm Security Explorations claims in a blog post that it alerted Oracle to a large collection of bugs more than four months ago, and even received confirmation that Oracle had taken note of their findings.
FORBES: Oracle Quietly Releases Fix For Serious Java Security Bug--Months After It Was Reported
Bad software leads to security vulnerabilities that vandals and thieves exploit, and wastes hours of productive time as techies desperately fix bugs in the code.
When the latest version of Mozilla's Firefox was released in June, bugs that allowed a site to install malicious programs on a visitor's computer were reported to security vendor Tipping Point within hours.