Microsoft may not believe in bug bounties, but it’s not adverse to paying for knowledge when it comes to ingenious defensive solutions. The company’s Trustworthy Computing Group announced the BlueHat Prize competition to reward security researchers with more than $250,000 in cash and prizes for developing innovative, new computer security protection technology.
The top three winners in the BlueHat Prize competition will earn more than $250,000 in cash and prizes: $200,000 for the grand prize, $50,000 for second place and an MSDN Universal subscription valued at $10,000 for third place.
Prizes will be awarded to contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft. Examples of similar technologies include Data Execution Prevention, which helps prevent attacks that attempt to exploit vulnerabilities in software.
The BlueHat Prize has the potential to provide enhanced security for the Windows operating system, as well as for the applications that run on it, which positively impacts independent software vendors.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft. “Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks.”
Official rules and guidelines for the competition are available here, and contest submissions will be accepted until Sunday, April 1, 2012.
A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and Functionality (30 percent); Robustness — how easy it would be to bypass the proposed solution (30 percent); and Impact (40 percent). The winners will be announced at Black Hat USA 2012.