Controversial security researcher ranking site Pwnhead considers its future

Site which ranks infosec researchers and conferences suffers immediate backlash

A recently launched website that ranks security researchers and conferences is already questioning its future following a backlash from those working in the field.

Pwnhead.com launched at the tail end of last year, with the aim of scoring security conferences, companies and the people that work for them.

“If a conference were a movie, you can just open imdb.com and check its score. But there is no such thing for security conferences,” a blog post on the site explains.

The same is true of companies and their employees, the 3 January post says.

“All these problems occur because of one thing: There is no standardised review/scoring system in the computer security scene. We built pwnhead.com as a solution for these problems,” the blog reads.

The site scores 82 global conferences on a number of metrics, including their age, the number of attendees, and access to video recordings.

The highest ranked is DEF CON in Las Vegas, followed by Black Hat USA and Black Hat Europe. Kiwicon, hosted in Wellington, ranks 78th on the list.

Individuals were scored on their ‘technical skills’, using metrics such as the number of GitHub repositories and stars, the popularity of their security tools, the number of presentations they’ve given at popular conferences, the number of journal papers and books published, as well as the person’s “impact on the security scene” as determined by Pwnhead’s 10 editors.

The top three security researchers, out of the 196 on the site, are Tavis Ormandy, a vulnerability researcher at Google; Dafydd Stuttard from web security testing software maker PortSwigger; and red team software-maker Strategic Cyber’s co-founder Raphael Mudge.

Five A/NZ-based researchers feature in the ranking: Wade Alcorn, Aldo Cortesi, Michael Skelton, Eldar Marcussen, Shubham Shah and Andrew Horton.

A company’s score is calculated by averaging the scores of the top five people that work there, the site’s explainer says. Google, Atredis Partners, Snap Inc, SpecterOps and Mozilla make up the top five companies in the Pwnhead ranking.

Backlash

No sooner had the site (believed to be run out of the UK) launched than it faced criticism from the infosec community.

Some questioned the value of a ranking, mocking it as a “popularity contest”. Others were uneasy about the anonymity of the editors and the opacity of the ranking algorithm.

A number of those ranked on the site requested to be removed from the list.

The site’s Twitter account initially responded that “it’s just fun”, adding that it had made its metrics very clear and would soon be making public the formula behind the rankings.

Commonwealth Bank of Australia’s senior manager for penetration testing, David Jorm, took to Twitter to say he would not be looking kindly on Pwnhead-listed researchers.

“I've been hiring pen testers and security engineers for seven years,” he said. “Everyone on the Pwnhead list is now on my auto-delete list when applying for roles. Please ask them to remove you then re-apply.”

Today, just over two weeks since it launched, the site admitted its shortcomings on Twitter.

“Our intention was creating good value for the security community. But it seems we’ve failed to do it,” the tweet read.

A tweet poll – asking users whether Pwnhead should continue unchanged or ditch the people ranking element of the site – has currently generated more than 400 votes, 80 per cent of which want the individual rankings removed.

@georgepnott

