Call for Nominations for Pwnie Awards 2017
The Pwnie Awards will accept nominations for bugs disclosed and events that occurred over the last year, from June 1, 2016 to May 31, 2017.
Nominations will be accepted through July 1. The top five nominees in each category will be announced on the website and the judges will gather at an undisclosed location to vote on the winners. The judges are of course disqualified from winning any Pwnie awards, but they may still be nominated for one.
Pwnie for Best Server-Side Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.
Pwnie for Best Client-Side Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting client-side bug.
Pwnie for Best Privilege Escalation Bug
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.
Pwnie for Best Cryptographic Attack
Awarded to the researchers who discovered the most impactful cryptographic attack against real-world systems, protocols, or algorithms. This isn't some academic conference where we care about theoretical minutiae in obscure algorithms, this category requires actual pwnage.
Pwnie for Best Backdoor
Awarded to the researchers who introduced or discovered the most subtle, technically sophisticated, or impactful backdoor in widely used software, protocols, or algorithms.
Pwnie for Best Junk Hack
Awarded to the researchers who discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled "Thing."
Pwnie for Best Stunt Hack
Awarded to the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members. Bonus points for it being a needlessly sophisticated attack against a needlessly Internet-enabled "Thing."
Pwnie for Best Branding
Sometimes the most important part of security research is how you market and sell the vulnerability you discovered. Who cares how impactful the actual vulnerability is, what matters is how sweet your logo turns out!
Pwnie for Epic Achievement
Awarded to the researchers, attackers, defenders, executives, journalists, nobodies, randos, or trolls for pulling off something so truly epic that we couldn't possibly have predicted it by creating an award category that did it justice.
Pwnie for Most Innovative Research
Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.
Pwnie for Lamest Vendor Response
Awarded to the vendor who mis-handled a security vulnerability most spectacularly.
Pwnie for Most Over-hyped Bug
Awarded to the person who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.
Pwnie for Best Song
What kind of awards ceremony does not have an award for best song?
Pwnie for Most Epic FAIL
Sometimes giving 110% just makes your FAIL that much more epic. And what use would the Internet be if it wasn't there to document this FAIL for all time? This award is to honor a person or company's spectacularly epic FAIL.
Lifetime Achievement Award
Most hackers have the personality of a supermodel who does discrete mathematics for fun. Like mathematicians, hackers get off on solving very obscure and difficult to even explain problems. Like models, hackers wear a lot of black, think they are more famous than they are, and their career effectively ends at age 30. Either way, upon entering one's third decade, it is time to put down the disassembler and consider a relaxing job in management.
This award is to honor the long track record of achievements of those who have moved on to bigger and better things such as management or owning (in the traditional sense) a coffee shop.
To submit a nomination for Lifetime Achievement, please send an e-mail to info@ with some actual prose on why the person that you are nominating is awesome.
Pwnie for Epic 0wnage
0wnage, measured in owws, can be delivered in mass quantities to a single organization or distributed across the wider Internet population. The Epic 0wnage award goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious 0wnage. This award can also be awarded to the researcher responsible for disclosing the vulnerability or exploit that resulted in delivering the most owws across the Internet.