Money intended to put research ideas into practice

Oct 30, 2014 10:30 GMT  ·  By

On Wednesday, Facebook announced that it would increase the funding for the Internet Defense Prize, rewarding the efforts of the participants with as much as $300,000 / €239,000 for the next year.

Sponsored by Facebook and offered in partnership with USENIX, the Internet Defense Prize aims at stimulating research and practical ideas that can be used to create a more secure online space.

First researchers awarded are from German university

The award is new, with the first winners being rewarded this year, in August. Johannes Dahse and Thorsten Holz of the Ruhr-Universität Bochum in Germany received $50,000 / €40,000 for their work on an automated static code analysis method that detects second-order vulnerabilities in web applications.

This type of weakness occurs when malicious payloads are stored by web applications on the server and then employed at a later time for carrying out an attack.

The two researchers presented their findings at the USENIX symposium this year, where they explained how an attack would work. Furthermore, they detected 150 new vulnerabilities that could be used for remote code execution.
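The store-now, use-later pattern described above, shown as an added example that is not taken from the article or from the researchers' work. It uses SQL injection as one instance of a second-order flaw; the schema, function names and sample values are hypothetical and constructed for the illustration.

```python
import sqlite3

def make_db():
    # Hypothetical schema for the demonstration.
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE notes (owner TEXT, body TEXT);"
    )
    return db

def register(db, name):
    # Write path: parameterized, so the input is stored verbatim and nothing
    # goes wrong at this point. A check that only looks here sees no flaw.
    cur = db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return cur.lastrowid

def stored_name(db, user_id):
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def notes_vulnerable(db, user_id):
    # Read path, executed later: the value comes from the database, is assumed
    # trustworthy, and is concatenated into a new statement.
    name = stored_name(db, user_id)
    return db.execute("SELECT body FROM notes WHERE owner = '" + name + "'").fetchall()

def notes_hardened(db, user_id):
    # Same read path, but stored data is bound as a parameter like any other input.
    name = stored_name(db, user_id)
    return db.execute("SELECT body FROM notes WHERE owner = ?", (name,)).fetchall()

def demo():
    db = make_db()
    alice = register(db, "alice")
    odd = register(db, "x' OR '1'='1")  # constructed sample value
    db.execute("INSERT INTO notes VALUES (?, ?)", ("alice", "alice's private note"))
    return {
        "alice_vulnerable": notes_vulnerable(db, alice),
        "alice_hardened": notes_hardened(db, alice),
        "odd_vulnerable": notes_vulnerable(db, odd),
        "odd_hardened": notes_hardened(db, odd),
    }

if __name__ == "__main__":
    for key, rows in demo().items():
        print(key, rows)
```

The write and the read sit in different functions, which is why finding this class of flaw requires tracking data through the persistent store rather than inspecting each request in isolation.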

The money is intended for research purposes only

The purpose of the Internet Defense Prize is to give the academic side of the security industry the opportunity to disclose its findings in a manner that could lead to effective measures towards a more secure web.

“Reports of security vulnerabilities tend to grab the most attention in the industry, but some of the most promising ideas for a more secure Internet actually come from the academic world and can sometimes get lost in the mix,” said Facebook chief security officer Joe Sullivan.

Basically, the award is designed to stimulate further research and to help ideas move from theory to practice in a way that can be accepted on a broad scale.

It is important to note that the researchers themselves do not receive the money if they are employed by an academic institution. Instead, the institution receives it and commits to spending it for the benefit of further research.

The total reward may be split between multiple teams if they all meet the award criteria.

Submissions are not accepted at the moment, but this will change soon. Participants can enter the program through the Internet Defense Prize.

Winners are to be announced next year, at the 24th USENIX Security Symposium held between August 12 and August 15 in Washington, DC.