Black Hat: Find the next, great security technology, and Microsoft will pay you $200,000

Share this article:

Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.

The software giant announced Tuesday at the Black Hat conference in Las Vegas that it plans to hand out $250,000 in cash and prizes – including a $200,000 grand prize – to "contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft." An example of such a technology is the data execution prevention feature in newer versions of Windows.

The competition, known as Blue Hat, is meant to steer the concentration of researchers away from individual issues, Microsoft said. It was announced at a conference known for its high-profile presentations that reveal specific vulnerabilities in software and hardware products.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager of the Trustworthy Computing Group at Microsoft.

Contest details are available at www.BlueHatPrize.com. Entries will be accepted until April 1, 2012, and winners will be announced at next year's Black Hat show.

Submissions will be graded by a panel of Microsoft engineers. Forty percent of the judging weight will be placed on impact, 30 percent on practicality and functionality and 30 percent on robustness, meaning how easy would it be to bypass the technology.

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We're looking to collaborate with others to build solutions to tough industry problems."

Andrew Storms, director of security operations at nCircle, which makes vulnerability management products, told SCMagazineUS.com on Wednesday that the initiative is long overdue, considering criminals often have a "leg-up" on the white-hat community.

He said it is critical for researchers to "think like a scientist" to head off today's sophisticated threats.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.