This year at Black Hat USA, Trend Micro’s Zero Day Initiative (ZDI) will award our inaugural Vanguard Awards recognizing some of the best researchers and vendors we have dealt with over the last year. We plan on these being annual awards, with the categories changing to keep with the latest changes in the threat landscape – or if there’s someone or something we really want to highlight. Our goal is simply to highlight the good work in the community that may go unnoticed. We also want to stay positive with these awards. While it certainly may be fun to point out errors that occur, we think it’s more important to highlight the good work being done that would otherwise go unnoticed.

For the Researcher Awards, there are five categories for 2024:

1. Best use of the RF enclosure
During Pwn2Own competitions, we sometimes need to use an RF enclosure (Faraday cage) to ensure the exploit demonstrated doesn’t impact real-world systems. This award goes to the individual (or team) who had the best use of the enclosure in this year’s events.

2. Most Prolific Researcher
This award is given to the researcher who contracted the most cases in the last year. This means their submissions were actually purchased by the ZDI. This award reflects the hard work and dedication researchers put in throughout the year to help protect Trend Micro customers and others. The bugs they submit get patched rather than re-sold and exploited.

3. Most Likely to Keep Incident Responders Awake
Not all bugs are created equal. Some are more esoteric while others are straightforward and likely to be exploited. These submissions show a level of practicality vendors appreciate, and threat actors do, too.

4. Best Use of AI
This award goes to the researcher who had the best use of Artificial Intelligence throughout the year. This could be demonstrated at a Pwn2Own event or a regular case submission.

5. Most In-Depth Submissions
Not all submissions are equal. Some truly stand out amongst others. This category recognizes the researcher who continually goes above and beyond in their submissions, including write-ups and code examples. Their submissions not only help us understand the underlying vulnerability, but they help the vendor understand it as well.

Moving on to the Vendor Awards, here are the five categories for 2024:

1. Best security advisories
Security advisories are one of the best tools in the defender’s arsenal to gauge the risk to their enterprise, but not all advisories provide accurate, thorough information. This award goes to the vendor who consistently provides clear, actionable information in an easy-to-read format.

2. Most transparent communication
Not every communication between the ZDI and vendors goes smoothly. That’s why it is important to highlight the vendors who are honest and transparent with their communications, even if they are communicating bad news.

3. Most collaborative vendor
Not all vendors are happy to hear from the ZDI, but some collaborate with us to strengthen their products or services. This award goes to the vendor who went above and beyond in their work with the Zero Day Initiative.

4. Most improved vendor
Not every vendor starts with a fantastic response process. There’s often a learning curve, and it’s usually painful. However, we want to recognize the vendor who has made significant improvements to their responsiveness and security update process.

5. Fastest to patch
When dealing with as many disclosures as we do, it’s good to recognize those vendors who take bug reports seriously and patch them as fast as possible.

The Ceremony

The award ceremony itself will take place at the Trend Micro booth on the show floor at noon local time. We will present several of these awards in person and have some special video messages from those who cannot attend in person. We hope you can be there as well. If you’re unable to attend, follow us on Twitter, Mastodon, LinkedIn, or Instagram for the results. Hoping to see you in Vegas!

Zero Day Initiative — Introducing the Vanguard Awards