The pwn2own Contest Shows Just How Vulnerable Our Systems Really Are

When you own a computer there are certain things that you are going to need to make it effective and the number one thing that you are going to need is software.

Without the right software for your system your computer is not going to be able to function like you need it to.

One of your jobs as a computer owner is to make sure that you pick the software that is going to help you enjoy your computer more.

The problem with having to rely on software to make your computer become a machine that is usable is that you introduce yourself to security problems.

The more software that you add to your system the higher the level of complexity gets.

That higher level of complexity means that there is more of a chance of security bugs finding their way in.

Every year there is a contest that is called pwn2own and it displays some of the biggest bugs on some of the most common software that we use.

In the past they have found major security bugs in some of the most popular browsers and other software that most people find on their computers.

The ever-popular Flash plugin has been a constant key to victory for some of the contestants in this contest, and Flash is on at least 90% of the computers that are out there.

So if this contest is making us less safe by showing the bad guys where the vulnerabilities are in the software products, why does it still continue?

I will answer that question below.

when bugs are exposed through pwn2own everyone benefits

Why Let pwn2own Continue If It Is Exposing Security Bugs?

While the contest does expose very serious security bugs to the world this is not necessarily a bad thing.

Some people have the misconception that any time a big issue is exposed you are helping the enemy.

While that may be the case, more than likely you are helping the good guys more.

In the world of hackers there are the black hats and the white hats.

There is also a section known as the grey hats but we will leave them out of this talk.

The point is that the black hats and the white hats for the most part know the same tricks and they use the same tools as one another.

So if that is the case, there is a good chance that any bug the good guys find out about, the bad guys either already know or will know soon afterward.

So no matter if the bug is exposed in a contest or in an attack, the results would still be the same.

The one difference is that if the good guy is able to find it first then they will be able to tell the creators of the software.

Once alerted, they will be able to create a fix before the bad guys can utilize it.

It is up to the software creators to come up with a fix before the bad guys can take advantage of it.

It is not as if the people who found the hole put it there.

The company that created the software is the one who made the mistake.

So if that is the case they must be the ones who are responsible for making it right.

In other products that we use every day if there is a problem you will find that the product is either recalled or a fix is sent out.

The companies do not blame the people who ran across the problem first.

In the world of software some of the companies used to have a problem with people who would find these bugs.

They felt that if they didn’t tell the world about the bugs then no one else would be able to find them.

They know now that is not the case and never has been.

Now the major software companies are more accepting of people who find these bugs for them.

Microsoft, who was once an enemy of people who would do this, now holds parties for them and invites them to the campus.

When they are at the campus the white hat hackers take the time to explain to them how they found the bugs.

Companies are now realizing that it is to their mutual benefit to accept these people and even pay them for their services.

There is a black market out there for these types of security bugs.

You do not want the people who are helping you to even get a little bit tempted by the bad guys to sell the bug that they found.

The prize money from a contest like pwn2own helps stem that temptation as well.

There is good money in being a white hat hacker these days.

So as you can see a contest such as pwn2own is very helpful in making sure that the good guys are the ones that find the bugs first.

This way they can make sure that they can patch the system before the bad guys do any damage.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
