2010 March 25 Thursday
Pwn2Own 3-Time Winner: Find Your Own Bugs, Vendors!

Charlie Miller thinks it should still be so easy to find software security bugs. I agree.

Computerworld - The only researcher to "three-peat" at the Pwn2Own hacking contest said today that security is such a "broken record" that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software.

Instead Charlie Miller will show the vendors how to find the bugs themselves.

In the latest Pwn2Own contest, Firefox, Safari, iPhone and IE8 all fell to hackers. The IE8 hack was especially impressive because it was done on Win7 and involved beating Microsoft's Data Execution Prevention security mechanism.

Google Chrome survived alone among the major browsers. Curiously, Google released 11 patches right before Pwn2Own. Did Google do this in order to give hackers less time to find new vulnerabilities? Is Chrome really the most secure browser as some suggest?

In the browser I use most (Mozilla Firefox) I have both Java and Flash completely disabled. The browser itself is already a big enough security risk. Why add more? I fire up a different browser to watch a video on YouTube or some other site that has a Flash video I really want to watch. I do not miss Java applets. But if the need ever arises I'll make an exception and fire up a browser I have installed that will handle Java. Otherwise, why run the risk?

Since the vendors are so lame we need to take additional precautions as users. Look at the MS Internet Explorer bug that enabled Chinese hackers (probably working for the Chinese military) to break into corporate networks. They sucked out source code from

By Randall Parker    2010 March 25 08:57 PM