[1] Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference.
The Pwnie Awards were founded in 2007 by Alexander Sotirov and Dino Dai Zovi[1] following discussions regarding Dino's discovery of a cross-platform QuickTime vulnerability (CVE-2007-2175) and Alexander's discovery of an ANI file processing vulnerability (CVE-2007-0038) in Internet Explorer.
[36] The award for best server-side bug went to Sergey Golubchik for his MySQL authentication bypass flaw.
[42][44] Other nominees included LinkedIn (for its data breach exposing password hashes) and the antivirus industry (for failing to detect threats such as Stuxnet, Duqu, and Flame).
[43] The award for "epic 0wnage" went to Flame for its MD5 collision attack,[44] recognizing it as a sophisticated and serious piece of malware that weakened trust in the Windows Update system.