Commentary

Serdar Yegulalp
 

Where Was Linux In The Pwn2Own Contest?

The first round of the Pwn2Own was something of a redux of the previous one: the Mac was the first to fall (I'm actually not surprised given Apple's culture of obscurity-over-security), with Windows 7 via IE 8 shortly thereafter. But Linux wasn't even in the running this time. What gives?

The first round of the Pwn2Own was something of a redux of the previous one: the Mac was the first to fall (I'm actually not surprised given Apple's culture of obscurity-over-security), with Windows 7 via IE 8 shortly thereafter. But Linux wasn't even in the running this time. What gives?


More Software Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

A couple of comments posted on the TippingPoint blog about the Pwn2Own contest might provide a clue. When people asked about why Opera was left out of the running, the response was: "Based on market share we only accept Internet Explorer and Firefox vulnerabilities" (although there were plenty of counter-responses regarding Opera's prevalence in the mobile market).

If that's the case, it sounds like Linux was dropped from the contest for the same reason: its market share still bulks tiny next to either Windows or the Mac. And in the abstract, they're right about it: people write malware and exploit zero-day weaknesses in Windows because that's where the money is.

But it doesn't make sense to ignore Linux entirely, especially when a) it's a growing market segment in many respects and b) its supporters must stop seeing security as an inevitable by-product of the open source development process. It helps, not hurts, their image to have their security tested in high-profile ways like this.

Addendum: Turns out the competition was browser- rather than OS-centric, which explains at least in part why Linux per se wasn't featured. I'm not positive that's the best way to proceed, since a given browser can demonstrate security deficiencies differently on different platforms.


InformationWeek Analytics has published an independent report on disaster recovery planning. Download the report here (registration required).


Follow me and the rest of InformationWeek on Twitter.


Related Reading




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links