This week launched the annual CanSecWest conference. But the real events were the two contests, Pwn2Own and Pwn4Fun, which saw more than a million in prizes awarded to both hackers and charity in the name of cyber security exposure.
Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari were among just some of the names eagerly awaiting news of security vulnerabilities in their programs. The CanSecWest hackers were more than happy to oblige.
Teams of these developers competed to break through the various coded protective measures within the browsers, as well as two Adobe plugins. Each of the programs fell to the skill of their attackers.
An astonishing $850,000 was awarded eight developer teams over the course of two days. Another $82,500 was awarded to several charity in the second event.
Team Vupen was the real star of the contests this year, taking home $400,000 and the honor of being the first of two teams to crack through Chrome.
While these contests have been going on for more than a decade, this is the first time the stakes have been so high. As the internet becomes a more and more lucrative market, the need for companies to protect their assets grows. These events provide a real benefit, and they are happy to shell out the cash for the information they get back.
Researchers are equally eager to take part. With the prize money increasing annually, it has never been a better time to show off their skills.
“The major value of Pwn2Own is to show that even the most secure software can be compromised by a team of researchers with enough resources,” Chaouki Bekrar of Vupen Security explained.
“Since we report the vulnerabilities to the vendors, they fix the flaws, and they harden the browser to prevent future attacks.”
Not only does this pay the researchers handsomely, and provide a great opportunity for firms to get their name out into the media, but it brought $82,500 to the Canadian Red Cross. See? Sometimes crime does pay.