This year at Black Hat USA, Trend Micro’s Zero Day Initiative (ZDI) will award our inaugural Vanguard Awards recognizing some of the best researchers and vendors we have dealt with over the last year. We plan on these being annual awards, with the categories changing to keep up with the latest changes in the threat landscape – or if there’s someone or something we really want to highlight. Our goal is simply to highlight the good work in the community that may go unnoticed. We also want to stay positive with these awards. While it certainly may be fun to point out errors that occur, we think it’s more important to recognize the good work being done.
For the Researcher Awards, there are five categories for 2024:
1. Best use of the RF enclosure
During Pwn2Own competitions, we sometimes need to use an RF enclosure (Faraday cage) to ensure the exploit demonstrated doesn’t impact real-world systems. This award goes to the individual (or team) who had the best use of the enclosure in this year’s events.
2. Most Prolific Researcher
This award is given to the researcher who contracted the most cases in the last year. This means their submissions were actually purchased by the ZDI. This award reflects the hard work and dedication researchers put in throughout the year to help protect Trend Micro customers and others. The bugs they submit get patched rather than re-sold and exploited.
3. Most Likely to Keep Incident Responders Awake
Not all bugs are created equal. Some are more esoteric while others are straightforward and likely to be exploited. These submissions show a level of practicality vendors appreciate, and threat actors do, too.
4. Best Use of AI
This award goes to the researcher who had the best use of Artificial Intelligence throughout the year. This could be demonstrated at a Pwn2Own event or a regular case submission.
5. Most In-Depth Submissions
Not all submissions are equal. Some truly stand out amongst others. This category recognizes the researcher who continually goes above and beyond in their submissions, including write-ups and code examples. Their submissions not only help us understand the underlying vulnerability, but they help the vendor understand it as well.
Moving on to the Vendor Awards, here are the five categories for 2024:
1. Best security advisories
Security advisories are one of the best tools in the defender’s arsenal to gauge the risk to their enterprise, but not all advisories provide accurate, thorough information. This award goes to the vendor who consistently provides clear, actionable information in an easy-to-read format.
2. Most transparent communication
Not every communication between the ZDI and vendors goes smoothly. That’s why it is important to highlight the vendors who are honest and transparent with their communications, even if they are communicating bad news.
3. Most collaborative vendor
Not all vendors are happy to hear from the ZDI, but some collaborate with us to strengthen their products or services. This award goes to the vendor who went above and beyond in their work with the Zero Day Initiative.
4. Most improved vendor
Not every vendor starts with a fantastic response process. There’s often a learning curve, and it’s usually painful. However, we want to recognize the vendor who has made significant improvements to their responsiveness and security update process.
5. Fastest to patch
When dealing with as many disclosures as we do, it’s good to recognize those vendors who take bug reports seriously and patch them as fast as possible.
The Ceremony
The award ceremony itself will take place at the Trend Micro booth on the show floor at noon local time. We will present several of these awards in person and have some special video messages from those who cannot attend in person. We hope you can be there as well. If you’re unable to attend, follow us on Twitter, Mastodon, LinkedIn, or Instagram for the results.
Hoping to see you in Vegas!