SOFTWARE DEVELOPER Microsoft has offered a $200,000 prize to anyone that can create a way of blocking entire classes of memory vulnerabilities in the Windows operating system.
Microsoft's Blue Hat Prize competition has a total prize pool of $250,000, with the first prize the aforementioned $200,000. A second prize of $50,000 is also up for grabs and the third place finisher will receive an MSDN Universal subscription, which generally goes for somewhere in the region of $10,000.
The idea behind Microsoft's competition is not only to get security researchers working for, rather than against Microsoft, but to get its hands on clever work on the cheap. Microsoft will retain a royalty-free license to the works, however the firm said the authors will still own the rights and be able to develop the software techniques freely.
Katie Moussouris, senior security strategist lead for the Microsoft's Security Response Center said, "This is the first and largest incentive prize ever offered by Microsoft, and possibly ever in the industry [...] we're looking to make life more costly for criminals. The value of the prize will go beyond dollars however. We're looking to inspire research from industry, academia and even hobbyists."
Many firms offer cash bounties to security researchers, including Google, HP and Mozilla. One chap from HP told The INQUIRER that some of the security researchers can end up earning close to six figures every year from bounties. He also said that HP takes its most prolific security researchers on holidays to Las Vegas as a 'thank you' for their hard work, though we assume HP doesn't set them to work as card counters.
Although Microsoft's bounty might well be the largest yet and represents a significant amount of cash for any individual or a small team of students, for Microsoft it will be money very well spent. And since the task is to block a whole class of memory vulnerabilities on Windows, it is far from a trivial challenge. µ
Facebook has more influence than meets the eye
Attackers could 'easily compromise' an entire company by exploiting AV security flaws
Nobody knows it, but you've got a secret smiley
Plummeting pound forces firm's hand