BlueHat contest looks to inspire cyber defense measures with $200K prize

Microsoft has announced its inaugural BlueHat Prize contest, which is "designed to generate new ideas for defensive approaches to support computer security," and the researcher who does the best job could win $200,000.

The contest is open for participants now, and Microsoft will accept submissions until April 1, 2012. BlueHat is a Microsoft security conference event, but the BlueHat Prize winner will be announced at the Black Hat 2012 conference. No venue for that event appears announced yet.

Redmond will be handing out a cash prize of $200,000 for first place, $50,000 for second place and two lifetime memberships to the MSDN subscription service for third- and fourth-place winners. The goal is to create the best "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities."

Unlike similar security contests like Pwn2Own, which awards participants who can find vulnerabilities in specific software, Microsoft's contest will be rewarding individuals who make it harder for vulnerabilities to pop up in the first place.

"Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyse defensive efforts to help mitigate entire classes of attacks," said Matt Thomlinson, Microsoft Trustworthy Computing Group's general manager, in a released statement.

Those who have their work chosen as winners will still retain ownership of the intellectual property and will only grant Microsoft a license to use it.

Each entry will be judged based on the following criteria:

  • Practicality and functionality (30 points)
  • Impact (40 points)
  • Robustness, or how well it holds up against attacks (40 points)

The contest is aimed at finding new Windows security technology, but it may also spur new thinking.

"This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time," said Brad Arkin, senior director for product security and privacy at Adobe. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."

More information, including official rules, can be found here.

About the Author

Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including,, and


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected