Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • Networking

    Microsoft Offers $250,000 in BlueHat Prizes for Security Technology

    By
    Fahmida Y. Rashid
    -
    August 8, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft announced a contest to encourage security researchers to think about defensive security technology.

      Dubbed the Blue Hat contest, researchers would submit the “most effective ways to prevent the use of memory safety vulnerabilities,” Microsoft said Aug. 3 at the annual Black Hat security conference in Las Vegas. The Microsoft BlueHat Prize contest will award $250,000 in cash prizes for the best “innovations in runtime mitigation technologies,” according to Microsoft.

      Microsoft wants to encourage security experts to think about “ways to reduce threats to computing devices,” Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center said at the press conference announcing the contest. BlueHat was a way to “capture” their imagination and energies to focus on “tough industry problems” instead of on black hat activities, Moussouris told eWEEK.

      Contest submissions must be a runtime mitigation technology capable of preventing the exploitation of memory safety vulnerabilities, according to the official contest rules. Those kinds of vulnerabilities, such as return-oriented programming and just-in-time spraying, are often exploited as buffer overflows by attackers.

      With the increase in criminal attacks on private and government computer systems, Microsoft wants to focus research in defensive technology, Moussouris said. The cash prize may encourage security experts to think about ways to “reduce threats to computing devices,” she said.

      “This is another example of Microsoft leading the pack when it comes to information security milestones,” said Andrew Storms, director of security operations at nCircle, noting the company is already known for Address space layout randomization (ASLR) and Data Execution Prevention (DEP).

      BlueHat is different from bug bounty programs offered by Google, Mozilla and Facebook in that Microsoft doesn’t want to hear about vulnerabilities, but wants to get researchers involved in coming up with ways to fix the issues, Moussouris said.

      “Money always talks, so this contest should rally the base of security researchers,” Storms said.

      Security was a “cat and mouse” game as attackers find new holes and defenders close them, Moussouris said, acknowledging that once a winner was announced, attackers will be focusing on the new technology to try to find new vulnerabilities. Despite the fact that attackers are finding holes in ASLR and DEP, overall, these two mitigation technologies have made modern operating systems more secure.

      Since there will “always” be bugs in software, the ideal scenario is one where “even if a bug is found, it cannot be used as an attack vector because defensive security technologies prevent it from being used that way,” Storms said. BlueHat would move the industry closer to that scenario, he said.

      Microsoft will accept submissions from Aug. 3 to April 1, 2012. The winners will be announced at Black Hat 2012, Microsoft said. Judges will rate the submissions on practicality (30 percent), robustness (30 percent) and impact (40 percent), the company said. Judges will come from security researchers within Microsoft who are experts in the kinds of threats that could exploit the vulnerabilities, Moussouris said.

      The grand prize winner will receive $200,000 and the second place $50,000. The third place winner will receive a Universal Subscription to Microsoft Developer Network platform, valued at $10,000. The inventor retails ownership of the intellectual property and grants Microsoft a license to the technology. Researchers who don’t win still own their intellectual property.

      The prize “should attract plenty of industry talent and will bring valuable outside, creative approaches to Windows security,” said Wolfgang Kandek, CTO of Qualys.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×