[tinco]

How many of those kernel bugs translate to meaningful RCE's in generally available stable software? Maybe I'm out of the loop, but as that presentation says nowadays a big 0day will have a logo and national headlines, that also underlines how rare they are.

To me the history of Pwn2Own exactly shows the trend I'm talking about. Going from very successful editions to increasingly less successful editions as the years go by to the point where the competition barely even exists anymore.

And then that baseband firmware exploit, that's the dream. You could hack any device with that almost regardless of what software runs on top. I put that in the same class as the Intel chip vulnerabilities.

[d2mw]

Pwn2Own fell out of the spotlight over time because they managed to piss off sponsors and teams alike, not because any material improvement occurred in software security, involving systems that for the most part continue to be millions of lines of C just like they were in the 90s. Security processes have improved tremendously in recent times, but software security in general has advanced only incrementally at best, such that individuals can still succeed at breaking the majority of software, and are able to do so with such reliability that the practice is done as a sporting event.

Per the slides over 150 of those kernel bugs resulted in code execution, and that is already a lowball count of the true number. Upstream Linux, being possibly the most visible and well-resourced OS codebase around, even by 2019 does not have the tools necessary just to automatically find the bugs we already know exist.

[BuildTheRobots]

> Pwn2Own fell out of the spotlight over time because they managed to piss off sponsors and teams alike

I don't suppose there's any more information - it sounds like an interesting tale.

[staticassertion]

Well the first Chrome RCE attack leveraged a Windows kernel exploit, so that seems like a reasonable one to point to.