Microsoft Corp.'s Trustworthy Computing Group today announced the BlueHat Prize competition to reward security researchers with more than $250,000 in cash and prizes for developing innovative, new computer security protection technology.
"As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," said Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft. "Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."
The top three winners in the BlueHat Prize competition will earn more than $250,000 in cash and prizes: $200,000 for the grand prize, $50,000 for second place and an MSDN Universal subscription valued at $10,000 for third place. Prizes will be awarded to contestants who design the most effective ways to prevent the use of memory safety vulnerabilities. Examples of similar technologies include Data Execution Prevention, which helps prevent attacks that attempt to exploit vulnerabilities in software.
"Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. "We're looking to collaborate with others to build solutions to tough industry problems. We believe the BlueHat Prize will encourage the world's most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."
Three years ago, Microsoft took the unconventional approach to security challenges by creating the Microsoft Active Protections Program (MAPP) to help further protect its customers. Through this program, Microsoft shares information with security vendors around the world to release protection technologies to their customers much faster. This helped shift the advantage to security providers by promoting collaboration within the industry, even among competitors. The success of MAPP and its global network of defenders prompted Microsoft to think about how something similar could be done for the security research community.
Beginning today, the official rules and guidelines for the competition are available at http://www.BlueHatPrize.com, and contest submissions will be accepted from Wednesday, Aug. 3, 2011, until Sunday, April 1, 2012. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and Functionality (30 percent); Robustness - how easy it would be to bypass the proposed solution (30 percent); and Impact (40 percent). The winners will be announced at Black Hat USA 2012.