Microsoft gains innovative security ideas at a low cost
April 1 marked the deadline for submissions for this year’s edition of Microsoft’s BlueHat Prize competition and, according to Katie Moussouris, a senior security strategist at Microsoft, twenty qualified proposals were accepted for evaluation.
“The final entry reached our inboxes at 11:51pm on April 1,” she says. “Unfortunately, a contest entry that arrived 17 minutes later – at eight minutes after 11:59pm on April 2 – had to be disqualified out of fairness to the others, and to keep our competition in compliance with Washington State’s rules for such events.”
As a reminder, Microsoft’s Trustworthy Computing Group announced the BlueHat Prize competition to reward security researchers for developing new computer security protection technology.
The top three winners in the competition will earn more than $250,000 in cash and prizes: $200,000 for the grand prize, $50,000 for second place and an MSDN Universal subscription valued at $10,000 for third place, plus a paid trip (and accommodation) to Las Vegas to attend the BlackHat Briefings for all.
The contest is definitely a good idea for Microsoft. The company refuses to pay for information about vulnerabilities, but has found a relatively cheap way to get its hand on innovative security ideas.
Even though all submitters will retain intellectual property rights to their submission, they are required to license their IP and patent rights to Microsoft on an unlimited and royalty-free basis, which will ultimately allow the company to commercialize and create derivative works of their entry.
“The entries cover a wide variety of ideas designed to help defend against different exploitation techniques, and it’s been great to see fresh insight into these technical areas,” Moussouris commented last week after the first ten submissions had been received. “We’ve also been excited to see who the contestants are who have chosen to compete for the prize – some of them are security researchers with great track records in the security community, some are from academia, and some are from other venues altogether.”
The entries will be judged on practicality and functionality, robustness and impact by Microsoft security engineers, and the winners will be announced at Black Hat 2012 in Las Vegas.