Microsoft Offering $250,000 in Windows Security Contest

Researchers who develop new security technologies to protect Windows against exploits can be up to $200,000 richer, thanks to a BlueHat Prize contest announced by Microsoft.

The contest is open for participants now, and Microsoft will accept submissions until April 1, 2012. BlueHat is a Microsoft security conference event, but the BlueHat Prize winner will be announced at the Black Hat 2012 conference. No venue for that event appears announced yet.

Redmond will be handing out a cash prize of $200,000 for first place, $50,000 for second place and two lifetime memberships to the MSDN subscription service for third and fourth place winners. The goal is to create the best "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities."

Unlike similar security contests like Pwn2Own, which awards participants who can find vulnerabilities in specific software, Microsoft's contest will be rewarding individuals who make it harder for vulnerabilities to pop up in the first place.

"Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyse defensive efforts to help mitigate entire classes of attacks," said Matt Thomlinson, Microsoft Trustworthy Computing Group's general manager, in a released statement.

Those who have their work chosen as winners will still retain ownership of the intellectual property and will only grant Microsoft a license to use it.

Each entry will be judged based on the following criteria:

  • Practicality and functionality (30 points)
  • Impact (40 points)
  • Robustness, or how well it holds up against attacks (40 points)

The contest is aimed at finding new Windows security technology, but it may also spur new thinking.

"This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time," said Brad Arkin, senior director for product security and privacy at Adobe. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."

More information, including official rules, can be found here.

About the Author

Chris Paoli is the site producer for and


  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.