OMG Pwnies!

It's an industry, there's a huge annual trade conference, so it's about time they got their own glittering awards. The Pwnies, to be handed out at the Black Hat Briefings in August, will mark the successes and failures of security researchers--known to some as "hackers".

There's a tongue-in-cheek air to the whole affair: One of the categories is for best song. (It's been done before--look here.) The other categories are best server-side bug, best client-side bug, mass ownage, most innovative research, lamest vendor response and most overhyped bug.

As far as I know, this is the first year of Pwnies, though they may have existed in underground form before. Flaws and research released between June 2005 and the end of May this year are eligible for entry, though, so perhaps not.

The awards could be seen as another tweak to the nose of software makers, whose disagreements with the security community reach a new pitch every year at Black Hat. This year's get-together in Las Vegas should see the demo of the recently claimed iPhone hack. In the past, a lot of dust has been stirred up by demos of an attack on an Apple MacBook and a Cisco router flaw.

To end, I just have to say I owe the headline to a comment by Dave Sanford on the Full Disclosure mailing list. Sorry, Dave--I couldn't resist.