14 DAY TRIAL // Microsoft is prepared to reward the security researchers who develop a new exploit mitigation technology or significantly improve current solutions with $200,000.
The software giant announced its new BlueHat Prize contest yesterday at the Black Hat security conference in Las Vegas. "Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.
"We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world," she added.
The contest offers three prizes, $200,000 for the best entry, $50,000 for the second best, and a MSDN Universal subscription valued at $10,000 for the third.
Contestants can submit entries until April 1st 2012 and the winners will be announced at next year's edition of the Black Hat USA conference.
It's important to note that Microsoft only targets solutions for memory safety hazards and there are several conditions to enter the contest. First of all proposed technologies must solve a current problem in exploit mitigation or to improve the effectiveness of an existing solution.
"Two examples of open problems that are suitable for consideration in this challenge are address space information disclosures and return-oriented programming (ROP)," Microsoft explains.
Examples of existing solutions are the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). The technology must work on Windows and be developed with the Microsoft Windows SDK.
It's also worth noting that while participants will remain the owners of the technology they develop, they must give Microsoft an irrevocable, perpetual, royalty-free, worldwide, unlimited, and unrestricted license to use, review, assess, test, analyze, reproduce, modify, distribute, display, commercialize and create derivative works of the entry.