Microsoft offers award for new defences

Microsoft has announced total prize money of $250,000 in a competition to find new technologies that will prevent criminals from exploiting memory safety vulnerabilities. The BlueHat Prize – named after Microsoft's internal Blue Hat hacker conference – is intended to motivate the hacker community to develop defensive functionality along the lines of DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomisation) technologies. Microsoft didn't have to pay anything for ASLR when it adopted it; the company used the concepts published by the PaX team.

The winner of the BlueHat Prize contest will receive $200,000, while the runner-up will be awarded $50,000. The developer in third place will receive an MSDN subscription instead of cash. To qualify for the contest, programmers must be at least 14 years old and must not be employed by Microsoft or a government organisation. At a teleconference, a Microsoft spokesperson said that Microsoft does not intend to keep the developments to itself: entries submitted will grant Microsoft an irrevocable, perpetual, royalty-free, worldwide, unlimited, non-exclusive, sub-licensable, unrestricted, right to the technology, but the creators will still be free to market the invention to others.

The contest is scheduled to close on 1 April 2012. The winners will be chosen by a jury of Microsoft employees who will assess criteria such as practicality and robustness. The winners are to be announced at next year's Black Hat USA security conference.

(Uli Ries / ehe)