February 28, 2011, 10:14 AM — Organizers of Pwn2Own on Sunday defended the hacking contest's rules after a three-time winner criticized the challenge for encouraging researchers to "weaponize" exploits.
The contest, which starts March 9, pits researchers against four browsers -- Apple's Safari, Google's Chrome, Microsoft's Internet Explorer (IE) and Mozilla's Firefox -- as well as against smartphones running Apple's iOS, Google's Android, Microsoft's Windows 7 Phone and RIM's BlackBerry OS.
By Pwn2Own's rules, the first researcher to hack Firefox, IE or Safari, or each of the smartphones, wins a cash prize of $15,000. Taking down Chrome earns $20,000 .
"I'm disappointed in how many people have signed up [for Pwn2Own] and how few will win prizes," Miller said in an interview Friday. "What happens to all these other exploits that don't win?"
Miller drew the fourth, and final spot for Safari, the browser he's exploited each of the last three years at Pwn2Own. Along with Dion Blazakis, who also works for ISE, Miller is slated to go second in the iPhone hacking challenge.
Being first at Pwn2Own is critical to success, since the level of competition is so stiff, a fact noted not only by Miller but also by Dan Holden, the director of HP TippingPoint's DVLabs, the contest's sponsor, in a separate interview Friday.
Miller's point is that with so many contestants -- TippingPoint has said this year's list is the largest ever -- some researchers will go home emhanded. But the vulnerabilities they find and the exploits they create will not be taken off the market.