It all started on June 16th 2011 with a blog post:

That’s right! June 16th this year, 2021, marks our 10th birthday! 🥳
To celebrate we want to give something special back to the security research community, and we chose to giveaway a fully paid Pentesting with Kali Offensive Security PEN-200 OSCP certification course, worth $999!
To be in with a chance to win the best hands on security certification available, all you have to do is submit a valid WordPress core, plugin or theme vulnerability to us via our website submission form.
We will be picking a winner at random on our birthday, June 16th, from any security researcher that submitted a valid vulnerability to us this year (2021) up until our birthday.
Best of luck to you and thank you for your support over the years!
View the full WPScan origin blog post archived on the WayBack machine https://web.archive.org/web/20110712001315/http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner