Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:

• $100,000 for escaping a virtualization hypervisor
• $80,000 for a Microsoft Edge or Google Chrome exploit
• $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
• $50,000 for an Apple Safari exploit
• $30,000 for a Firefox exploit
• $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
• $200,000 for an Apache Web Server exploit

thought

[buddyglass]

Microsoft, Adobe, Google, Apple, and maybe some of the larger linux contributors/users (IBM, Oracle, Amazon) should form a sort of "consortium" and chip in $1M/year each to fund a much more lucrative version of pwn2own. That's chump change to them. With ~$8M in prizes yearly, I dare say we'd eliminate a lot of security flaws.

Submitter missed one of the bounties

[93+Escort+Wagon]

$1.99 for a working IIS exploit.

Re:Apache is trivial to exploit

[93+Escort+Wagon]

Go claim your $200,000 then.

One problem - his mom won't let him travel alone...