BlueHat contest looks to inspire cyber defense measures with $200K prize
- By Chris Paoli
- Aug 05, 2011
Microsoft has announced its inaugural BlueHat Prize contest, which is "designed to generate new ideas for defensive approaches to support computer security," and the researcher who does the best job could win $200,000.
The contest is open to participants now, and Microsoft will accept submissions until April 1, 2012. BlueHat is a Microsoft security conference event, but the BlueHat Prize winner will be announced at the Black Hat 2012 conference. No venue for that event appears to have been announced yet.
Redmond will be handing out a cash prize of $200,000 for first place, $50,000 for second place and two lifetime memberships to the MSDN subscription service for third- and fourth-place winners. The goal is to create the best "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities."
Unlike security contests such as Pwn2Own, which reward participants who can find vulnerabilities in specific software, Microsoft's contest will reward individuals who make it harder for vulnerabilities to pop up in the first place.
"Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyse defensive efforts to help mitigate entire classes of attacks," said Matt Thomlinson, Microsoft Trustworthy Computing Group's general manager, in a released statement.
Those who have their work chosen as winners will still retain ownership of the intellectual property and will only grant Microsoft a license to use it.
Each entry will be judged based on the following criteria:
- Practicality and functionality (30 points)
- Impact (40 points)
- Robustness, or how well it holds up against attacks (40 points)
The contest is aimed at finding new Windows security technology, but it may also spur new thinking.
"This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time," said Brad Arkin, senior director for product security and privacy at Adobe. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
More information, including official rules, can be found here.
Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including Redmondmag.com, RCPmag.com, ADTmag.com and VirtualizationReview.com.