On Thursday, Holden echoed an earlier prediction by Portnoy that Google's Chrome -- which has never fallen at Pwn2Own -- will survive the first day of the contest, but probably drop the second or third days, when the rules change.
Google has promised to pay $20,000 to the first researcher who can hack Chrome and escape its sandbox on Day 1, when only vulnerabilities in Google's own code will be allowed. On the second and third days, researchers can employ a non-Chrome bug -- one in Windows, for example -- to break out of the sandbox. A successful attack on the second or third day will still put $20,000 in the researcher's pocket, but Google and TippingPoint will split the check.
"What's cool about Pwn2Own is that it's a way to take this amazing reverse engineering work that people have done, than then put it in a lasered approach to show exploits in the real world," said Holden. "In security, we don't know what we don't know, and we're always learning something new."
Sign up for Computerworld eNewsletters.