Tuesday, July 31, 2007

The Pwnie Awards - Hackers Award Their Own

Via SecurityFocus -

A group of well-known researchers will meet this week at the Black Hat Security Briefings in Las Vegas to hand out seven awards recognizing the best bugs, mocking the worst vendors, and paying homage to the most lyrical bug hunter.

The Pwnie (pronounced "pony") Awards celebrate the most lethal bugs found by researchers in the past year, as well as the most hyped vulnerabilities. Like many of the hackers that find the flaws, the awards are not without a sense of humor (the Pwnies will recognize the best song written by a researcher) nor a certain vengefulness (the worst vendor will also be named).

"We have been getting a lot of submissions," David Goldsmith, president of Matasano, told SecurityFocus last week. Goldsmith and six other researchers -- including security professional Dino Dai Zovi, whose flaw won the Pwn to Own hack-a-Mac competition, and reverse engineer Halvar Flake, who may not make it to Black Hat after all -- announced the Pwnies last week and will act as the judges.

Security researchers have garnered more respect over the past decade. While major software vendors treat researchers well, others have tried to quash any reports of vulnerabilities in their products. Moreover, many researchers are irked that they are expected to give up important vulnerability information to vendors for free. The feelings have created a ready pool of freelance researchers for vulnerability bounty programs, such as those created by iDefense and TippingPoint, and have given a relative newcomer, auction site WabiSabiLabi, some momentum.

Nominations for the seven categories -- best server-side bug, best client-side bug, flaw used for mass exploitation, most innovative research, most overhyped bug, lamest vendor response and best song -- closed on July 28. The Pwnie Awards will be given out at Black Hat on August 2.
