Black Hat: Find the next, great security technology, and Microsoft will pay you $200,000

Share this article:

Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.

The software giant announced Tuesday at the Black Hat conference in Las Vegas that it plans to hand out $250,000 in cash and prizes – including a $200,000 grand prize – to "contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft." An example of such a technology is the data execution prevention feature in newer versions of Windows.

The competition, known as Blue Hat, is meant to steer the concentration of researchers away from individual issues, Microsoft said. It was announced at a conference known for its high-profile presentations that reveal specific vulnerabilities in software and hardware products.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager of the Trustworthy Computing Group at Microsoft.

Contest details are available at www.BlueHatPrize.com. Entries will be accepted until April 1, 2012, and winners will be announced at next year's Black Hat show.

Submissions will be graded by a panel of Microsoft engineers. Forty percent of the judging weight will be placed on impact, 30 percent on practicality and functionality and 30 percent on robustness, meaning how easy would it be to bypass the technology.

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We're looking to collaborate with others to build solutions to tough industry problems."

Andrew Storms, director of security operations at nCircle, which makes vulnerability management products, told SCMagazineUS.com on Wednesday that the initiative is long overdue, considering criminals often have a "leg-up" on the white-hat community.

He said it is critical for researchers to "think like a scientist" to head off today's sophisticated threats.

Share this article:

Sign up to our newsletters

More in News

ICO fines U.K. travel firm £150,000 for 2012 breach

Data on more than one million credit and debit cards was pilfered in the 2012 breach of a system Think W3 Limited.

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.