Feeds

Microsoft to pay $250,000 for hot new security defenses

In search of new ideas

5 things you didn’t know about cloud backup

Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs.

Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities.” The two runners up will receive $50,000 and a MSDN Universal subscription valued at $10,000, respectively.

“The Microsoft BlueHat Prize contest is designed to generate new ideas for defensive approaches to support computer security,” the software maker's announcement stated. “As part of our commitment to a more secure computing experience, we hope to inspire security researchers to develop innovative solutions intended to address serious security threats.”

Microsoft over the years has added an alphabet soup of protections to its software that are designed to mitigate the damage that can be done when hackers discover buffer overflows and other bugs that inevitably afflict any complex piece of code. ASLR, or address space layout randomization; DEP, or data execution prevention; SEHOP, or structured exception handling overwrite protection; and SafeSeh are just some of the examples.

The protections aren't intended to prevent bugs, but rather to prevent attackers from exploiting them to steal data or remotely execute malicious code on vulnerable systems.

“This is the first and largest incentive prize ever offered by Microsoft, and possibly the industry, for defensive computer security technology,” Matt Thomlinson, general manager of Microsoft’s Trustworthy Computing Group, wrote here. “In the age of increased risk of attacks on personal, corporate and government computer systems, Microsoft recognizes the need to encourage and nurture innovation in the area of exploit mitigations.

Wednesday's announcement came a week after Facebook joined Mozilla and Google in paying cash bounties to researchers who privately report security vulnerabilities in their software and services. Microsoft continues to steadfastly refuse to reimburse bug discoverers for the time and expertise they provide in helping stamp out bugs on the Windows platform.

Contest rules are here. ®

Next gen security for virtualised datacentres

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.