Pwn2Own Contest Shows Critical Security Flaws Remain Abundant

While developers are getting better about hardening their software, the 35 vulnerabilities revealed at the Pwn2Own tournament this week show that security remains a work in progress.

The annual contest pits vulnerability researchers against the latest operating systems running four different browsers and vital plug-ins, with the winner taking home the compromised—or "pwned"—laptop and up to $100,000 in cash prizes. Eight groups of researchers attempted to hack the systems and reported 35 vulnerabilities to the contest organizers, who would pass them on to the respective software vendors for patches and repairs, Brian Gorenc, manager of vulnerability research at HP Security Research, told eWEEK.

"You are seeing a market that is very lucrative and growing, and that results in more vulnerability research," he said. "We are seeing people take more of an out-of-the-box approach to exploiting software."