Security Research

The world outside the room: Hackers, Pwn2Own, and charity

Angela_Gunn 03-14-2014 01:52 PM - edited 10-17-2014 12:13 PM

As we all decompress from Pwn2Own 2014, let’s reflect on how odd the whole thing looks from outside that room at the Sheraton. Researchers bring exploits made of highly unpleasant code from which anyone reasonable would steer clear. They show it to ZDI, an organization that brings large amounts of money to buy it. We immediately give it away (yes, free) to affected vendors, who are expected to look on quietly while the researchers break their products…in front of other researchers, who take the launch of calc.exe as proof that something amazing has happened…and then everyone applauds.


And that doesn’t include the inflatable unicorns. (Thanks again, Dragos.)


Of course we aren’t applauding breakage at Pwn2Own; we’re applauding the skill it takes to find it. When ZDI pays big money for vulns and hands them along to the vendors for free, we’re not saying the vulns are worth nothing to us; our payouts are an investment in getting problems contained and fixed.


So when ZDI and Google started talking about holding a pre-event hacking session, not only did it sound like fun, but we liked an excuse to hand big bags of money to an organization that also gets problems contained and fixed. The Canadian Red Cross does great work and gave us a chance to give back to the country that has hosted the contest all these years.


The plan came together and the sponsor teams started seeking out possible vulns. Neither team knew what – if anything – we would find that would prove Pwn4Fun-worthy, and to be honest we weren’t sure until a few hours before the contest that both groups were going to deliver. (Remember Patch Tuesday and that IE bulletin? We sure will.) But everything sorted out, and two hours later, we’d collectively racked up $82,500 in donations.

Giving money to a great cause is a total rush. We received a bonus (secondhand) dose the next day, when Keen Team announced they’d be giving a portion of their winnings to a to-be-determined charity as well. It was a nice gesture that made the longest Pwn2Own in history shine just a little brighter. And to cap the event, Jon Oberheide, who announced last week on Twitter that he’d be running the #cats4fun contest to seek the very finest feline-security photos, pledged a $1,000 donation to the American Society for Prevention of Cruelty to Animals for this fine image. (Thanks!)


As weird as some of us may seem, white-hat security researchers do live in the real world – and though we can’t fix all the world’s problems, we sure wish we could. Events like Pwn2Own let us have fun while we try. Adding charitable donation opportunities to the mix turned out to be a great way of extending the goodness, and of making the values we hold more visible outside our little room.


