Pwn2Own Day 1: Hackers Earn $280k For Hacking Chrome, Flash, Safari

wiredmikey writes: Pwn2Own 2016 contestants hacked Apple's Safari Web Browser, Adobe Flash Player and Google Chrome, and earned more than $280,000 on the first day of the competition taking place this week alongside the CanSecWest conference in Vancouver, Canada. This is the first edition of Pwn2Own where contestants have been invited to escape a VMware virtual machine for a bonus of $75,000, though there has not been a successful exploit yet in this class by any contestant this week. It remains to be seen if contestants manage to surpass last year's total payout, when white hat hackers earned $552,000 at Pwn2Own.

Re:Pwn2Own is too narrow in the scope

[Bert64]

Because browsers have a very large, very public attack surface and come from the desktop mentality where security wasn't even considered until recently...

Databases etc *should* have limited exposure to untrusted networks, and thus less attack surface - you typically interact with a frontend application rather than directly with the database for instance.

Webservers are obviously inherently public, but security on web servers has been a serious concern for a long time plus the typical web server is far less complex than a browser. Most web based vulnerabilities these days exist in individual applications rather than the web server software itself.