Security Research
Showing results for 
Search instead for 
Do you mean 

Pwn2Own, Patch Tuesday, and the thrill of the unexpected

Angela_Gunn ‎03-03-2014 09:39 AM - edited ‎03-03-2014 10:19 AM

The Patch Tuesday tradition established by Microsoft and other software vendors has done a great deal to standardize security-updating practices across the industry. We celebrate that – even when it may well cause some uproar for our Pwn2Own competition.


One of the tenets of the Pwn2Own competition is that we’re looking for the best of the best – that is, for vulnerabilities that work against the most current browsers and plug-ins the vendors have on offer. (We’re sure your mom’s IE 6 RCE is very nice, but we’re playing on another level here.) Not only do we restrict competition to just the latest versions of the software, those versions have to be fully patched. After all, we’re paying good money for the zero-day vulnerabilities the winners use to pwn these products; if they’re not unknown vulnerabilities anymore, they’re worth nothing to us.


That makes things interesting for the researchers, of course. There’s every chance the exploit that worked beautifully on March 11 won’t do anything on March 12. Since signup for the competition ends at 5pm on March 11, competing researchers will have to scramble (to say the least) to be sure. Meanwhile, the ZDI team will be diligently patching our competition laptops as soon as updates are released – not the most exciting Tuesday evening ever, but we expect the next day will more than make up for it.


Will some holes close unexpectedly? Will some competitors discover on Tuesday night that they have nothing useful for Wednesday? Could happen. May happen. It’s going to be an exciting year.


We hope to see you there.

0 Kudos
About the Author


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference on August 29 - September 1, 2016 to learn from peers in every industry and hear from Big Data experts and thought lea...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference on September 13 - 16, 2016, and is the place to meet the world’s top information security talent, discuss new pr...
Read more
View all