Black Hat: Find the next, great security technology, and Microsoft will pay you $200,000

Share this article:

Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.

The software giant announced Tuesday at the Black Hat conference in Las Vegas that it plans to hand out $250,000 in cash and prizes – including a $200,000 grand prize – to "contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft." An example of such a technology is the data execution prevention feature in newer versions of Windows.

The competition, known as Blue Hat, is meant to steer the concentration of researchers away from individual issues, Microsoft said. It was announced at a conference known for its high-profile presentations that reveal specific vulnerabilities in software and hardware products.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager of the Trustworthy Computing Group at Microsoft.

Contest details are available at Entries will be accepted until April 1, 2012, and winners will be announced at next year's Black Hat show.

Submissions will be graded by a panel of Microsoft engineers. Forty percent of the judging weight will be placed on impact, 30 percent on practicality and functionality and 30 percent on robustness, meaning how easy would it be to bypass the technology.

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We're looking to collaborate with others to build solutions to tough industry problems."

Andrew Storms, director of security operations at nCircle, which makes vulnerability management products, told on Wednesday that the initiative is long overdue, considering criminals often have a "leg-up" on the white-hat community.

He said it is critical for researchers to "think like a scientist" to head off today's sophisticated threats.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.