LAS VEGAS — Aug. 3, 2011 — Microsoft Corp.’s Trustworthy Computing Group today announced the BlueHat Prize competition to reward security researchers with more than $250,000 in cash and prizes for developing innovative, new computer security protection technology.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft. “Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues. We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks.”
The top three winners in the BlueHat Prize competition will earn more than $250,000 in cash and prizes: $200,000 for the grand prize, $50,000 for second place and an MSDN Universal subscription valued at $10,000 for third place. Prizes will be awarded to contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft. Examples of similar technologies include Data Execution Prevention, which helps prevent attacks that attempt to exploit vulnerabilities in software.
“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We’re looking to collaborate with others to build solutions to tough industry problems. We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world.”
Three years ago, Microsoft took the unconventional approach to security challenges by creating the Microsoft Active Protections Program (MAPP) to help further protect customers. Through this program, Microsoft shares information with security vendors around the world to release protection technologies to their customers much faster. This helped shift the advantage to security providers by promoting collaboration within the industry, even among competitors. The success of MAPP and its global network of defenders prompted Microsoft to think about how something similar could be done for the security research community. This is part of Microsoft’s commitment to providing a safer computing experience for both current and future generations.
The BlueHat Prize has the potential to provide enhanced security for the Windows operating system, as well as for the applications that run on it, which positively impacts independent software vendors.
“The Microsoft BlueHat Prize announced at Black Hat today is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent,” said Brad Arkin, senior director, product security and privacy at Adobe. “This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time. This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users. I am looking forward to seeing what the creativity of the community can deliver.”
Beginning today, the official rules and guidelines for the competition are available at http://www.BlueHatPrize.com, and contest submissions will be accepted from Wednesday, Aug. 3, 2011, until Sunday, April 1, 2012. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and Functionality (30 percent); Robustness — how easy it would be to bypass the proposed solution (30 percent); and Impact (40 percent). The winners will be announced at Black Hat USA 2012.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions to help people and businesses realize their full potential.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.