Microsoft Offering $250,000 in Windows Security Contest -- Redmondmag.com

Microsoft Offering $250,000 in Windows Security Contest

By Chris Paoli
08/04/2011

Researchers who develop new security technologies to protect Windows against exploits can be up to $200,000 richer, thanks to a BlueHat Prize contest announced by Microsoft.

The contest is open for participants now, and Microsoft will accept submissions until April 1, 2012. BlueHat is a Microsoft security conference event, but the BlueHat Prize winner will be announced at the Black Hat 2012 conference. No venue for that event appears announced yet.

Redmond will be handing out a cash prize of $200,000 for first place, $50,000 for second place and two lifetime memberships to the MSDN subscription service for third and fourth place winners. The goal is to create the best "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities."

Unlike similar security contests like Pwn2Own, which awards participants who can find vulnerabilities in specific software, Microsoft's contest will be rewarding individuals who make it harder for vulnerabilities to pop up in the first place.

"Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyse defensive efforts to help mitigate entire classes of attacks," said Matt Thomlinson, Microsoft Trustworthy Computing Group's general manager, in a released statement.

Those who have their work chosen as winners will still retain ownership of the intellectual property and will only grant Microsoft a license to use it.

Each entry will be judged based on the following criteria:

Practicality and functionality (30 points)
Impact (40 points)
Robustness, or how well it holds up against attacks (40 points)

The contest is aimed at finding new Windows security technology, but it may also spur new thinking.

"This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time," said Brad Arkin, senior director for product security and privacy at Adobe. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."

More information, including official rules, can be found here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.