Black Hat: Find the next, great security technology, and Microsoft will pay you $200,000

Share this article:

Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.

The software giant announced Tuesday at the Black Hat conference in Las Vegas that it plans to hand out $250,000 in cash and prizes – including a $200,000 grand prize – to "contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft." An example of such a technology is the data execution prevention feature in newer versions of Windows.

The competition, known as Blue Hat, is meant to steer the concentration of researchers away from individual issues, Microsoft said. It was announced at a conference known for its high-profile presentations that reveal specific vulnerabilities in software and hardware products.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager of the Trustworthy Computing Group at Microsoft.

Contest details are available at www.BlueHatPrize.com. Entries will be accepted until April 1, 2012, and winners will be announced at next year's Black Hat show.

Submissions will be graded by a panel of Microsoft engineers. Forty percent of the judging weight will be placed on impact, 30 percent on practicality and functionality and 30 percent on robustness, meaning how easy would it be to bypass the technology.

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We're looking to collaborate with others to build solutions to tough industry problems."

Andrew Storms, director of security operations at nCircle, which makes vulnerability management products, told SCMagazineUS.com on Wednesday that the initiative is long overdue, considering criminals often have a "leg-up" on the white-hat community.

He said it is critical for researchers to "think like a scientist" to head off today's sophisticated threats.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.