| Monday May 30th 2016

Where Was Linux In The Pwn2Own Contest?

The first round of the Pwn2Own was something of a redux of the previous one: the Mac was the first to fall (I’m actually not surprised given Apple’s culture of obscurity-over-security), with Windows 7 via IE 8 shortly thereafter. But Linux wasn’t even in the running this time. What gives?

hack contest IE8 Firefox Safari OperaA couple of comments posted on the TippingPoint blog about the Pwn2Own contest might provide a clue. When people asked about why Opera was left out of the running, the response was: “Based on market share we only accept Internet Explorer and Firefox vulnerabilities” (although there were plenty of counter-responses regarding Opera’s prevalence in the mobile market).

If that’s the case, it sounds like Linux was dropped from the contest for the same reason: its market share still bulks tiny next to either Windows or the Mac. And in the abstract, they’re right about it: people write malware and exploit zero-day weaknesses in Windows because that’s where the money is.

But it doesn’t make sense to ignore Linux entirely, especially when a) it’s a growing market segment in many respects and b) its supporters must stop seeing security as an inevitable by-product of the open source development process. It helps, not hurts, their image to have their security tested in high-profile ways like this.

Addendum: Turns out the competition was browser- rather than OS-centric, which explains at least in part why Linux per se wasn’t featured. I’m not positive that’s the best way to proceed, since a given browser can demonstrate security deficiencies differently on different platforms.


Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.