“Pwn2Own” competition pops Flash, Reader and four browsers, pays out over $550K [POLL] by Paul Ducklin.
Paul details the results from Pwn2Own 2015 and gives a great rundown on the background of the contest. A must-read if you are interested in cybersecurity competitions. Here the targets were:
- Windows
- Microsoft IE 11
- Mozilla Firefox
- Adobe Reader
- Adobe Flash
- Apple Safari
- Google Chrome
Bugs were found in all and system access obtained in four cases.
I mention this in part to ask you to participate in Paul’s poll on whether Pwn2Own contests are a good idea.
As you can imagine, I think they rock!
Assuming the winners did devote a substantial amount of time prior to the contest, a $110,000 prize (by one winner) is no small matter.
Paul cites critics as saying:
it makes security molehills into theatrical mountains.
I don’t know who the critics are, but system-level access sounds like more than a molehill to me.
Critics of Pwn2Own are dour-faced folks who want bugs reported to vendors, with unlimited time to fix them, whether they acknowledge the report or not, and if they do, you should be satisfied with an “atta boy/girl” and maybe a free year’s subscription to a PC gaming zine.
Let’s see, vendors sell buggy software for a profit, accept no liability for it, abuse/neglect reporters of bugs, and then want reporters of bugs to contribute their work for free. Plus keep your knowledge secret for the “good of the community.”
Do you see a pattern there?
Screw that!
Vote in favor of Pwn2Own and organize similar events!