CanSecWest and the Pwn2Own hacking contest wrapped up for another year. The biggest payoffs were for browser exploits, not just zero-days in IE 11, Firefox and Chrome. Experts spent hours explaining how attackers can and will soon exploit weaknesses in bootloaders and machine BIOS in order to own systems. No Free Bugs movement clamored for vendors to pay up for seven-figure exploits for exclusive six-figure deals. The threat to the boot-up process is real and it may be one area where researchers have a jump on attackers.
Source: https://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835/