Microsoft Offers Prize Money For Enhancing Windows Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Offers Prize Money For Enhancing Windows Security


BlueHat Prize contest focused on new ways to defend against memory-safety exploits.



Microsoft took a new spin on security researcher bounties by offering more than $250,000 in cash and prizes for contestants who come with new ways to mitigate exploits.
The new BlueHat Prize contest specifically looks for the most innovative methods for exploiting memory-safety vulnerabilities such as return-oriented programming (ROP) and just-in-time spraying (JITSpray). The grand prize is $200,000; second place, $50,000; and third place, an MSDN Universal subscription valued at $10,000. JIT spraying attacks basically are used to cheat Microsofts address space layout randomization (ASLR) and data execution prevention (DEP) security technologies.
Microsoft wants to defend against entire classes of attack with the innovation that comes via the BlueHat Prize, Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center, said in a Twitter interview with
Dark Reading
. The BlueHat Prize is looking for mitigations to block memory safety exploitation techniques such as ROP or JITSpray.
Unlike bug bounty programs offered by Google and other vendors, Microsoft instead is looking at getting researchers involved in providing solutions, security experts said.
The software giant traditionally has been opposed to offering money to researchers for vulnerability finds, but Moussouris didnt completely dismiss the possibility of Microsoft someday changing its tune on that. We continue to evaluate the best way to collaborate with the research community, and well let you know if anything changes there, she said when asked whether Microsoft would ever add a bug bounty option.
What happens to the winners technology? The inventor retains ownership of the intellectual property, and then grants Microsoft a license to the technology; researchers whose technology is not selected by Microsoft also still own their intellectual property.
The BlueHat Prize contest kicked off Wednesday, with a submission deadline of April 1, 2012. A panel of Microsoft security engineers will judge the technologies based on practicality and functionality (30%); robustness (30%); and impact (40%).
Read the rest of this article on
Dark Reading
.
Read our report on how to guard your systems from a SQL attack.
Download the report now
. (Free registration required.)

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Offers Prize Money For Enhancing Windows Security