Best Client-Side Bug

Multiple URL protocol handling flaws

Best Server-Side Bug

Windows IGMP kernel vulnerability (CVE-2007-0069)

Best Song

Packin’ The K!

Lamest Vendor Response

McAfee’s “Hacker Safe” certification program

Lifetime Achievement Award

Tim Newsham

Mass 0wnage

An unbelievable number of WordPress vulnerabilities (CVE-2008-*)

Most Epic Fail

Debian for shipping a backdoored OpenSSL library for two years (CVE-2008-0166)

Windows Vista for proving that security does not sell

Most Innovative Research

Defeating a VM packer with a decompiler written in OCaml

Lest We Remember: Cold Boot Attacks on Encryption Keys

Most Over-Hyped Bug

Unspecified DNS cache poisoning vulnerability (CVE-2008-1447)