You missed "Lamest Vendor Response". That's a though category. I want OpenCart to "win", but as General Motors' is the only one that required a Congressional inquiry, it's though to beat.
Hmm. I hadn't heard of the errata-driven memory corruption paper before: although interesting, it didn't seem terribly novel -- errata being used to adversely affect a machine have been around since the dawn of time.
My personal 'most innovative', I think, would go to the BROP paper. The other exploits are all interesting tricks on modern systems, but the BROP paper is the one that made my jaw really drop in terms of how much they could do with such little information...
Predictions:
* Serverside: Heartbleed
* Clientside: Geohot
* Privilege Escalation: evasi0n
* Most innovative: RPW's hardware memory corruption
* Epic fail: ISC2
* Epic ownage: MtGox