ZDI Wiz Hacking Contest Rule Copy Dispute

by Anika Shah - Technology

## Cloud Hacking Contest Sparks Plagiarism Accusations

A new hacking contest has caused a social media kerfuffle over allegations of rule copying and plagiarism. Wiz, the cloud-security shop whose acquisition for $32 billion has been agreed (pending approvals), on Tuesday announced its new cloud-hacking competition called Zero Day Cloud, with a $4.5 million prize pool. The competition is open to hackers who can find and exploit a 0-click remote code execution (RCE) or container escape vulnerability in any of the 20 open-source projects that power the major cloud platforms. Contestants have until December 1 to submit their entries, and those accepted will be invited to demonstrate their exploits on stage in London on December 10 and 11. If a demo succeeds, Wiz validates the finding and discloses it to the maintainers, and the researchers win a payout ranging from $10,000 to $300,000 depending on the target.

And, according to Trend Micro’s Zero Day Initiative, which hosts Pwn2Own – one of the world’s biggest hacking contests – Wiz’s Zero Day Cloud rules look eerily similar to its own.

## Cloud Security Face-Off: Trend Micro Calls Out Wiz Over ‘Copycat’ Hacking Contest

A playful rivalry has erupted in the cloud security world, with Trend Micro publicly calling out Wiz for launching a hacking competition that appears remarkably similar to its own long-running Pwn2Own contest.

The spat began when Wiz announced its “Cloud Security Slam” competition, which was quickly met with memes and reposted by Trend Micro, who cheekily invited Wiz to join the Pwn2Own Ireland event starting October 21st. Pwn2Own Ireland boasts a hefty $1 million bounty for a 0-click Remote Code Execution (RCE) vulnerability in WhatsApp.

Trend Micro didn’t hold back, snarking, “Bring your best, but maybe don’t copy our rules next time and we can help you judge the entries ;).”

Wiz declined to comment to The Register on the allegations of rule replication, instead directing inquiries to its LinkedIn response posted on Friday.

The Register also spoke with Zero Day Initiative’s Brian Childs for his outlook on the new competition.

## ZDI Welcomes Competition from Zero Day Cloud’s Hacking Contest

Trend Micro’s Zero Day Initiative (ZDI) has responded to the launch of Zero Day Cloud’s new hacking competition with a spirit of cautious optimism, acknowledging the benefits of increased opportunities for vulnerability research. While noting similarities to their own Pwn2Own contests, ZDI’s director of research, Chris Childs, emphasized that the initiative doesn’t claim exclusivity over the concept of hacking competitions.

“[ZDI] has no exclusivity on writing a hacking competition,” Childs stated, as reported by The Register. “We make no claim on running a Pwn2Own-style competition either – anyone can do that.”

However, Childs expressed some frustration regarding the use of ZDI’s established rules, developed over 15 years of running Pwn2Own, without acknowledgement. He explained that each rule has a specific rationale, born from experience – such as the time limit implemented after a competitor spent hours exploiting a vulnerability on stage.

“So it was a little frustrating to see it used that way, especially coming from them,” Childs said. Despite this, he remains interested in the outcome of Zero Day Cloud’s contest and even suggested potential future participation from ZDI researchers.

The security community largely agrees that more hacking competitions are beneficial. Security researcher Steven Seeley (https://x.com/steventseeley/status/1973539745507713253) weighed in on X (formerly Twitter), and FuzzySec (https://x.com/FuzzySec/status/1973662725105721567) echoed the sentiment that “it’s better for everyone” if more competitions exist.

Childs concurred, stating that any competition that leads to the revelation and patching of vulnerabilities before they are exploited in the wild aligns with ZDI’s goals. He also highlighted the potential for innovation through competition. “Competition drives innovation. So maybe they’ll do something that we’ll see and like, and say, hey, we can innovate like that too,” he said.

Looking ahead, Childs expressed interest in observing how Zero Day Cloud’s rules evolve over time, suggesting a willingness to learn from and potentially adopt successful elements in future ZDI contests. “Maybe they’ll learn something that’s really good,” he said. “And we could borrow that for our rules, too.”
