A few years ago, the idea came up at our local AHA! meeting that our group should host an information security and/or hacking conference here in Austin, Texas. Some venue ideas were tossed around, some preliminary cost research done, but the idea never went much beyond that due to a number of reasons, foremost of which is that AHA! folk are very, very busy people, myself included. Back then, none of us simply had the time or resources to make such an undertaking happen. Fortunately, while I still don’t really have the time personally, I now have the resources in the way of paid staff that I can have plan and execute such an event, so mid-2011 or so I decided to do so.
Posts Tagged ‘No More Free Bugs’
Taking place over the last week was the CanSecWest 2010 security conference, with their now annual Pwn2Own contest. For those that are unfamiliar, the Pwn2Own contest presents a number of devices usually consisting of mobile or cellular devices and laptops as targets and allows contestants to attempt to compromise them in some way. These targets are patched up through the most recent vendor patches, and if a contestant is able to Pwn (compromise) the device, they get to Own (keep) it. This is always a nice publicity stunt as the contest is widely publicized by it’s sponsor, providing researchers with some fame and a prize as a bit of a return on their invested effort researching vulnerabilities and developing exploits. The Zero Day Initiative (ZDI) who sponsors the contest also offers to buy the vulnerabilities used by the winners and “responsibly disclose” them to the affected vendors, providing a bit of a cash incentive as well.
Over the past few years however, some things have drastically changed in the value and marketability of such vulnerabilities.