Controversial security researcher ranking site Pwnhead considers its future

Site which ranks infosec researchers and conferences suffers immediate backlash

A recently launched website that ranks security researchers and conferences is already questioning its future following a backlash from those working in the field. Pwnhead launched at the tail end of last year, with the aim of scoring security conferences, companies and the people that work for them.

“If a conference were a movie, you can just open and check it’s score. But there is no such thing for security conferences,” a blog post on the site explains.

The same is true of companies and their employees, the 3 January post says.

“All these problems occurs because of a one thing: There is no standardised review/scoring system in computer security scene. We built as a solution for these problems,” the blog reads.

The site scores 82 global conferences on a number of metrics, including each conference's age, the number of attendees, and access to video recording.

The highest ranked is DEF CON in Las Vegas, followed by Black Hat USA and Black Hat Europe. Kiwicon, hosted in Wellington, ranks 78 on the list.

Individuals were scored on their ‘technical skills’, using metrics such as the number of GitHub repositories and stars, the popularity of their security tools, the number of presentations they’ve given at popular conferences, the number of journal papers and books published, as well as the person’s “impact on the security scene” as determined by Pwnhead’s 10 editors.

The top three security researchers, out of the 196 on the site, are Tavis Ormandy, a vulnerability researcher at Google; Dafydd Stuttard from web security testing software maker PortSwigger; and red team software-maker Strategic Cyber’s co-founder Raphael Mudge.

Five A/NZ-based researchers feature in the ranking: Wade Alcorn, Aldo Cortesi, Michael Skelton, Eldar Marcussen, Shubham Shah and Andrew Horton.

A company’s score is ascertained by taking an average score of the top five people that work there, the site’s explainer says. Google, Atredis Partners, Snap Inc, SpecterOps and Mozilla make up the top five companies in the Pwnhead ranking.


No sooner had the site (believed to be run out of the UK) launched, than it faced criticism from the infosec community.

Some questioned the value of a ranking, mocking it as a “popularity contest”. Others were uneasy about the anonymity of the editors and opaqueness of the ranking algorithm.

A number of those ranked on the site requested to be removed from the list.

The site’s Twitter account initially responded that “it’s just fun”, adding that it had made its metrics very clear and would soon be making public the formula behind the rankings.

Commonwealth Bank of Australia’s senior manager for penetration testing, David Jorm, took to Twitter to say he would not be looking kindly on Pwnhead-listed researchers.

“I've been hiring pen testers and security engineers for seven years,” he said. “Everyone on the Pwnhead list is now on my auto-delete list when applying for roles. Please ask them to remove you then re-apply.”

Today, just over two weeks since it launched, the site admitted its shortcomings on Twitter.

“Our intention was creating a good value for security community. But it seems we’ve failed to do it,” the tweet read.

A tweet poll – asking users whether Pwnhead should continue unchanged or ditch the people ranking element of the site – has currently generated more than 400 votes, 80 per cent of which want the individual rankings removed.

