Pwn2Own Contest Winner Tells Vendors Find Your Own Bugs

Charlie Miller, now a 3-time winner of the Pwn2Own hacking contest will not share 20 vulnerabilities with commercial software vendors like Apple, Microsoft and Adobe.  He is discouraged with the lack of progress being made to securely code popular applications, and says the vendors need to get off the pot and do their own testing.

 Miller “threw together” a logic fuzzer with a “few lines of code” and started finding vulnerabilities in Apple’s OS X 10.6, aka Snow Leopard, Safari browser, Microsoft’s PowerPoint, Adobe Reader, and’s productivity suite.  Miller was to take the floor at CanSecWest, the Vancouver, British Columbia-based security conference that also hosts Pwn2Own, to demonstrate how he found the vulnerabilities, hoping vendors would listen to what he has to say.

Good on you, Charlie, give a man a fish and you will feed him for a day.  Teach a man to fish and he will quickly forget you as he amasses his fortune…