Microsoft Announces "BlueHat" Contest for Better Security Solu

[Jaymz]

As any Jedi knight knows, the temptation to turn to the Dark Side is difficult to resist. The same can be true for White Hat hackers--malware fighters who discover vulnerabilities in software.

The black market prices for those kinds of security flaws are as tantalizing to ethical hackers as the malevolent side of The Force was to Luke Skywalker. Microsoft wants to temper those temptations, though, and has announced a contest that offers more than $250,000 in prizes for developing better solutions to counter security threats.

Microsoft's "BlueHat Prize," announced by the company at the Black Hat security conference in Las Vegas Wednesday, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. Those kinds of vulnerabilities can create problems like buffer overflows that can be exploited by Net miscreants to compromise computers.

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," Matt Thomlinson, Microsoft’s General Manager of Trustworthy Computing Group, said.

“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues," Thomlinson continued. "We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."

Top Experts Needed

In offering the prize, Microsoft hopes to attract the world's top experts to focus their "little gray cells" on a major security problem. “Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," observed Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.

“We’re looking to collaborate with others to build solutions to tough industry problems," she added. "We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."

The Origin of the Concept

According to Microsoft, it got the idea for the BlueHat prize from a previously launched security information-sharing program. That initiative, the Microsoft Active Protections Program (MAPP), allows Microsoft to share information with security vendors around the world so they can release protection technologies to their customers much faster. The success of that program got Microsoft thinking about mounting a similar effort for the security research community.

One vendor with praise for BlueHat was Adobe, a company that's no stranger to software with vulnerabilities. “The Microsoft BlueHat Prize announced at Black Hat [on August 3] is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent," observed Adobe's Senior Director for Product Security and Privacy Brad Arkin.

“This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks, rather than thinking about software security as a challenge best addressed one bug at a time," he continued. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."

Here are the official rules and guidelines for the competition. Contest submissions will be accepted until Sunday, April 1, 2012, Microsoft said. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and functionality (30 percent); robustness--how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The winners will be announced at Black Hat USA conference in 2012.

Source: PCWORLD

[deepzero]

details here on this subpage:
/>http://www.microsoft.com/security/bluehatprize/rules.aspx

[cipher]

Thanks for the info guyzzz.....

[chickenbutt]

Reality Check: Anything you do in pure software will be reversed within a week and rootkit authors will bypass it if it ever becomes wide-spread.. Also good luck getting to this bounty if you don't work under a big trademark or have exceptional credentials..no matter how innovative your solution is.. If you don't have these characteristics MS will likely just beat you to the patent office like they've done with most their tech..

Anything that would actually work would require hardware integration with proper memory handling unlike existing TXT and VT which make entry-level mistakes and have been defeated..

[The Dark]

Well this in my opinion is a stupid contest I'm no security expert mind you but I know that any Microsoft makes will like the chicken man said is reversible by other people. A prime example would be the activation incorporated into Microsoft products its a mere gimmick it lasts for about a week then blame got away around this. Its a note worthy goal to try to increase there security but I'm just not seeing MS make themselves invulnerable as there is so much incentive for people to go after them.

Also its almost impossible to bullet proof against a memory hack I have friends who could probably eat through anything that gets made there. Makes me almost sad but theres reality for ya.

Edited January 18, 2012 by The Dark

[ttnweb]

$200k for next-gen security? MS if you gonna talk dirty, talk in 6-7 figure numbers.