Posted by Robert Vamosi on June 13, 2016
Nominations for the 2016 Pwnie Awards are now open for any bugs disclosed and security events that occurred over the last year, from June 1, 2015 to May 31, 2016. Nominations will close July 1. Winners, chosen by a panel of security experts, will be announced August 3, 2016, during Black Hat USA 2016 in Las Vegas.
This year there are 16 distinct categories, 6 of which are new.
The categories, with descriptions from the Pwnie Award page itself, are as follows:
Pwnie for Best Server-Side Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.
Pwnie for Best Client-Side Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting client-side bug.
Pwnie for Best Privilege Escalation Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.
Pwnie for Best Cryptographic Attack (new for 2016!)
Awarded to the researchers who discovered the most impactful cryptographic attack against real-world systems, protocols, or algorithms. This isn’t some academic conference where we care about theoretical minutiae in obscure algorithms, this category requires actual pwnage.
Pwnie for Best Backdoor (new for 2016!)
Awarded to the researchers who introduced or discovered the most subtle, technically sophisticated, or impactful backdoor in widely used software, protocols, or algorithms.
Pwnie for Best Junk Hack (new for 2016!)
Awarded to the researchers who discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled “Thing.”
Pwnie for Best Stunt Hack (new for 2016!)
Awarded to the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members.
Pwnie for Best Bug Branding (new for 2016!)
Awarded to the researchers’ PR team who had the best branding for their bug regardless of the technical qualities of the bug. This category is all about the “looks.”
Pwnie for Epic Achievement (new for 2016!)
Awarded to the researchers, attackers, defenders, executives, journalists, nobodies, randos, or trolls for pulling off something so truly epic that we couldn’t possibly have predicted it by creating an award category that did it justice.
Pwnie for Most Innovative Research
Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.
Pwnie for Lamest Vendor Response
Awarded to the vendor who mis-handled a security vulnerability most spectacularly.
Pwnie for Most Over-hyped Bug
Awarded to the person who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.
Pwnie for Best Song
What kind of awards ceremony does not have an award for best song?
Pwnie for Most Epic FAIL
Sometimes giving 110% just makes your FAIL that much more epic. And what use would the Internet be if it wasn’t there to document this FAIL for all time? This award is to honor a person or company’s spectacularly epic FAIL.
Lifetime Achievement Award
Most hackers have the personality of a supermodel who does discrete mathematics for fun. Like mathematicians, hackers get off on solving very obscure and difficult to even explain problems. Like models, hackers wear a lot of black, think they are more famous than they are, and their career effectively ends at age 30. Either way, upon entering one’s third decade, it is time to put down the disassembler and consider a relaxing job in management.
Pwnie for Epic 0wnage
0wnage, measured in owws, can be delivered in mass quantities to a single organization or distributed across the wider Internet population. The Epic 0wnage award goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious 0wnage. This award can also be awarded to the researcher responsible for disclosing the vulnerability or exploit that resulted in delivering the most owws across the Internet.
To nominate in any of the above categories, please see the Pwnie Awards site.