Pwn2Own competition rules are flawed. I am happy to announce that I will start a better owning competition (without BS rules) later this year or next year. More details will be published soon. https://twitter.com/ihackbanme/status/1108529066703908864 …
1. There's no transparency from the vendors that can say: we already knew about a bug - as long as it's not fixed (even in a beta version) just knowing doesn't mean anything. 2. Old bugs are also meaningful for defensive purposes imo - depends on what is the usage.
What transparency do you propose? If it has to be patched, then you just share the bug with a friend and submit it simultaneously and get double the award. I know the people who run these programs have game theoried this stuff to death

I've even heard of people setting up fake charities to get double bounty awards, so you can't just assume good faith

I mean even if I am on the receiving hand I understand, it would be too easy to take codebases that fix bugs upstream before release like WebKit, V8, SpiderMonkey etc... and look for commits that look like security issues, write an exploit and pass it as your own
Well, if the bug was reported by another external researcher it's okay; the thing I never understand is when the bug was found by the vendor internally. I remember that happened at least once at Pwn2Own.
If it works on latest version, it's a win!

