Microsoft to Offer $200,000 for Security Ideas

Microsoft is offering a huge reward to encourage tech savvy users to come up with new security ideas for its operating system. The company is running a contest for users to create "a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities."

Put in simple terms, that means the winning entries have to halt malware that takes advantage of exploits in computer memory.

An exploit of this nature is an extremely common source of security breach. It works by taking advantage of the fact that computer memory is used to serve multiple programs, often simultaneously. Vulnerabilities in the way that memory is linked with multiple programs means a rogue application can gain access to data from another program or even the computer's operating system (OS).

Runtime mitigation, on the other hand, refers to the period in which a computer program is operating, rather than lying dormant in memory or loading data.

Microsoft Security Prizes Total $260,000

The contest runs until the end of March 2012, with a first prize of $200,000. The second-placed entry will get $50,000, while the person who comes third gets a subscription to the $10,000 Microsoft Developer Networks universal package, which gives access to every Microsoft application ever made.

While the prizes are attractive, some developers may be wary of the terms and conditions: although entrants retain full ownership of their ideas, Microsoft automatically gets full rights to use or adapt entries without needing to pay any royalties or license fees. (Source: microsoft.com)

Entries will be judged on three main criteria: whether the solution works well and would be practical to build into Windows; how easy it would be to get round the solution; and how big a problem the solution tackles.

"Blue Hat" Prize Tackles Black Hat Crimes

The contest has been given the unusual name of "The Blue Hat Prize," a reference to the fact that the winner will be announced at the Black Hat security conference in Las Vegas, which briefs security professionals of the latest dangers posed by so-called "black hat hackers," those whose hacking is primarily done for criminal purposes.

The "blue" in "blue hat" is a reference to Microsoft using that color in much of its marketing and branding.

The huge prize money appears to be designed to achieve two goals. Firstly, it will encourage security researchers to tackle major issues rather than concentrate solely on minor bugs. Secondly, it may reduce the temptation for those who spot security problems to sell details on the black market rather than be responsible and report the issue to Microsoft. (Source: computerworld.com)