

Nominations for the 2010 Pwnie Awards - tptacek
http://pwnies.com/nominations/

======
tptacek
This whole thing started as a joke a couple years ago, but now it's as good a
cross-section of what's going on in software security as any. If you don't pay
attention to vulnerability research (and most of you don't), skip to "Pwnie
for Most Epic Fail" --- there's some pretty funny stuff there. McAfee is a
mortal lock for that award this year.

Cringing with embarrassment at the whole "best song award" thing? That's a nice
synecdoche for all that's weird about this thing we "security researchers" do.
Re-read the bit about Tavis Ormandy's #GP trap handler bug right after the
songs and see if your head doesn't explode.

~~~
euroclydon
Where, during the year, can we find a running list of these exploits as they
are revealed?

~~~
dion
As Marcin said, twitter seems to be the security industry hangout. Watch the
conference schedules/abstracts to get a good idea where the security industry
is headed (some exploits will be revealed in those talks/papers.) Full-
disclosure is OK, but I've never been able to follow it -- too noisy.

Really, I think the best way is to keep track of the major vendors' security
advisory schedule (MS, Apple, Adobe, etc.) Those advisories will say which
researcher has submitted which report. By following those researchers, you
will be able to keep on top of the public research.

