For the last few years, companies have had two primary approaches to security: attempt to plug every security hole themselves, or rely on an open-source community to do so. With its open-source Native Client project, Google actually wants to do both and has launched a contest to attract outside development talent to plug security holes in Native Client's code.
Native Client is a Google-developed technology for running x86 native code in Web applications. Google hopes the code will make it easier for developers to write richer browser-based applications that run across a range of browsers and operating systems.
Google's security contest for Native Client is a great way to attract early notice to the project. Given the projects' cross-platform appeal, it's also an ingenious way to ensure that it starts to build a cross-platform community that may well prove to be useful far beyond the initial security holes for which the contest is targeted.
The money on offer ($8,192 for first prize) isn't huge, but that's not really the point behind a contest like this, anyway. The real first prize will be impressing Google and one's developer peers with the ability to identify and squash security bugs. That's the real currency of open-source development, anyway: reputation.
Google continues to demonstrate.
Registration for the contest runs through May 5.
Follow me on Twitter at mjasay.