Black Hat: Find the next, great security technology, and Microsoft will pay you $200,000

Share this article:

Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.

The software giant announced Tuesday at the Black Hat conference in Las Vegas that it plans to hand out $250,000 in cash and prizes – including a $200,000 grand prize – to "contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft." An example of such a technology is the data execution prevention feature in newer versions of Windows.

The competition, known as Blue Hat, is meant to steer the concentration of researchers away from individual issues, Microsoft said. It was announced at a conference known for its high-profile presentations that reveal specific vulnerabilities in software and hardware products.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager of the Trustworthy Computing Group at Microsoft.

Contest details are available at www.BlueHatPrize.com. Entries will be accepted until April 1, 2012, and winners will be announced at next year's Black Hat show.

Submissions will be graded by a panel of Microsoft engineers. Forty percent of the judging weight will be placed on impact, 30 percent on practicality and functionality and 30 percent on robustness, meaning how easy would it be to bypass the technology.

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We're looking to collaborate with others to build solutions to tough industry problems."

Andrew Storms, director of security operations at nCircle, which makes vulnerability management products, told SCMagazineUS.com on Wednesday that the initiative is long overdue, considering criminals often have a "leg-up" on the white-hat community.

He said it is critical for researchers to "think like a scientist" to head off today's sophisticated threats.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.