The first round of the Pwn2Own was something of a redux of the previous one: the Mac was the first to fall (I’m actually not surprised given Apple’s culture of obscurity-over-security), with Windows 7 via IE 8 shortly thereafter. But Linux wasn’t even in the running this time. What gives?
A couple of comments posted on the TippingPoint blog about the Pwn2Own contest might provide a clue. When people asked about why Opera was left out of the running, the response was: “Based on market share we only accept Internet Explorer and Firefox vulnerabilities” (although there were plenty of counter-responses regarding Opera’s prevalence in the mobile market).
If that’s the case, it sounds like Linux was dropped from the contest for the same reason: its market share still bulks tiny next to either Windows or the Mac. And in the abstract, they’re right about it: people write malware and exploit zero-day weaknesses in Windows because that’s where the money is.
But it doesn’t make sense to ignore Linux entirely, especially when a) it’s a growing market segment in many respects and b) its supporters must stop seeing security as an inevitable by-product of the open source development process. It helps, not hurts, their image to have their security tested in high-profile ways like this.
Addendum: Turns out the competition was browser- rather than OS-centric, which explains at least in part why Linux per se wasn’t featured. I’m not positive that’s the best way to proceed, since a given browser can demonstrate security deficiencies differently on different platforms.
Related Posts: On this day...
- AT&T buys T-Mobile - 2011
- Sex study: Swinging 60s had nothing on the 90s - 2010
- Snoop Dogg VoiceSkin Demo on a TomTom GPS - 2010
- Open Source Hardware Hackers Start P2P Bank - 2009
- Lenovo X300 ad calls out Apple MacBook Air - 2008
- Automatically Lock Your Computer When You Walk Away with Blue Lock - 2008
- Efforts to Block Junk Mail Slowed by U.S. Postal Service - 2008