Incident Response, TDR, Vulnerability Management

Facebook awards Georgia Tech team $100K for security research

Facebook awarded $100,000 to a team of Georgia Institute of Technology researchers for discovering a new class of browser-based-memory-corruption vulnerabilities that had serious security implications  for C++ programs and for building the corresponding detection technique dubbed CAVER.

Professors Taesoo Kim and Wenke Lee, along with PhD students Byoungyoung Lee, Chengyu Song, received the social media giant's Internet Defense Prize (IDP) Wednesday, at the 24th USENIX Security Symposium in Washington D.C.

The team found nine bad casts in libstdc++ and two bad casts in Firefox. The researchers detailed their findings as well as their detection techniques in their paper “Type Casting Verification: Stopping an Emerging Attack Vector.” All of the vulnerabilities have since been patched. 

This is the second time the company has given out an IDP award since it created the program last year, according to a Facebook post

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.