couple of bloggers did writeups on it:
dre over at TS/SCI
David Maynor over at Errata Security
I'm sure there is more.
The winner was Charlie Miller of Independent Security Evaluators
Checking out the site it looks like they have been doing work on OS X vulnerabilities and research into selling 0day. Interesting.
Link: The legitimate vulnerability market: the secretive world of 0-day exploit sales
Charles Miller, Independent Security Evaluators
To me it was brilliant marketing on behalf of ISE. I don't really deal with 0day with the exception of begging for them, but I imagine that a remote preauth on any of the 3 OS's involved in the pwn2own contest is worth way more than $20k on both the "dark side" and "good side" of "responsible" disclosure. On the other hand, ISE gets to be on the front page of every security mag and blog for the next few days for the price of giving up one client side exploit and they get $10,000 on top of it. Cheers guys. Job well done. Bonus points for pwning the system.
and more fun from: http://www.securityevaluators.com/independent_eva.html
Services we do not provide:
Don't pay us to run nessus
At ISE, we offer specialized expert security services. Therefore, we do not perform commodity services such as automated networks scans and firewall configuration.
ISE also does not do Common Criteria evaluation.
Life is too short.