Pwnie Awards 2017

The Right Honorable Pwnies Judiciary Committee does herewith set forth the following 2019 PWNIES AWARD CATEGORIES for your perusal and PROMPT, DILIGENT NOMINATORY ACTION.

pwnie for best server-side bug

Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.

Nominate a Server-Side Bug.

pwnie for best client-side bug

Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting client-side bug.

Nominate a Client-Side Bug.

pwnie for best privilege escalation bug

Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.

Nominate a Privilege-Escalation Bug.

pwnie for best cryptographic attack

Awarded to the researchers who discovered the most impactful cryptographic attack against real-world systems. A Pwnie Cryptography Award should represent a meaningful break in a system actually deployed. The attack can require a math Ph.D to understand its workings, but not to understand its impact, and it can’t require a data center in Utah to exploit.

Nominate a Cryptographic Attack.

pwnie for most innovative research

Awarded to the researcher or team who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.

Nominate Innovative Research.

pwnie for lamest vendor response

Awarded to the vendor who mis-handled a security vulnerability most spectacularly.

Nominate a Lame Vendor Response.

pwnie for most over-hyped bug

Awarded to the researcher/team who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.

Nominate Over-Hyped Research.

pwnie for most epic fail

This award is for the defenders who dared to wonder, “What could possibly go wrong?” For the investors who happily departed with eight-figure checks for a pitch presenting snake oil served over word salads on a fool’s gold platter. For the infosec vendors who adopted defense-by-deception as a marketing strategy. This award will honor a person or corporate entity’s spectacularly epic fail – the kind of fail that lets the entire infosec industry down in its wake. It can be a singular incident, marketing piece, or investment – or a smoldering trail of whale-scale fail.

Nominate Failure.

new! pwnie for most under-hyped research

Like good magicians our industry will put a lot of razzle dazzle on the problems we can sell a solution for. But what about the things that are DONTFIX, can’t be scanned for, but are still amazingly cool and high impact? We (as an industry) sweep them under the rug and then they get caught in the UNDERHYPED pwnie awards!

Nominate Under-Hyped Research.

new! pwnie for epic achievement

Awarded to the researchers, attackers, defenders, executives, journalists, nobodies, randos, or trolls for pulling off something so truly epic that we couldn’t possibly have predicted it by creating an award category that did it justice.

Nominate Epic Achievement.

Nominations opened.
Nominations closed.
The list of nominees is announced.
Awards ceremony at the BlackHat USA conference in Las Vegas.
Awards Ceremony
when Wed, Aug 7th 2019
where BlackHat USA 2019, Mandalay Bay, Las Vegas (room to be announced)