Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

Posted by timothy on from the one-hand-behind-back dept.

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."

4 of 288 comments (clear)

  1. Re:what? by sittingnut · · Score: 5, Insightful

    to add to my above, those who are in charge of firefox no longer interested making its core product better and secure. it is interested market and marketing, bowing to establishment ideology and legalese, etc etc

  2. Can't expect Firefox to be secure by Anonymous Coward · · Score: 5, Insightful

    The FF developers don't have the time for that, they're far too busy destroying the user experience just a little bit more with each release.

    It takes a lot of time and effort and great skill to ruin what used to be the best browser you know, it doesn't happen by itself!

    (I just wish I were joking. Unfortunately they have the Microsoft disease of "The UI must change with each release to show that we're doing something". It's mind-boggling in its insanity, and it annoys their supporters continually. If they hadn't touched the UI in the last 5 years and devoted all their energy to security and performance instead, FF would still be the leading browser today.)

  3. Re:what? by Carewolf · · Score: 5, Insightful

    +5 funny. Firefox drops every year at Pwn2Own. So that "superior security" doesn't seem to actually amount to much in real life.

    All the browsers fail every single year.

  4. Re:what? by naris · · Score: 5, Insightful

    Something being open source has never, ever meant that it is more secure. That is a myth propagated by open source zealots. Open source only means that, the source can be viewed, and most likely changed, by anyone. Open source zealots assume that means it is rigorously vetted by security experts to find any flaws and fix them, which is a huge assumption that mostly likely is not true for most projects.