At the Black Hat conference in Las Vegas, Microsoft announced a contest for excellence in defensive security technology. Dubbed "Blue Hat," the contest focuses on "the most effective ways to prevent the use of memory safety vulnerabilities."
Current technologies in this area include Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Data Execution Prevention blocks attacks that force malicious code into memory areas marked as data. ASLR bollixes malware that needs to find certain code elements at specific addresses. Both Windows and iOS use ASLR.
Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center, said "Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices. We're looking to collaborate with others to build solutions to tough industry problems." Moussouris believes the Blue Hat Prize will encourage talented researchers to focus on this specific problem area in security.
Brad Arkin, senior director for product security at Adobe, applauded the initiative, saying "This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks rather than thinking about software security as a challenge best addressed one bug at a time." Arkin noted that the research triggered by this challenge "has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
Submissions for the contest will be accepted from August 3 until April 1, 2012. Judges will rate the submissions on practicality (30 percent), robustness (30 percent) and impact (40 percent). The grand prize winner will receive $200,000, and the second place winner $50,000. For the third place winner Microsoft will offer an MSDN Universal Subscription, valued at $10,000. Results will be announced at next year's Black Hat conference. For full details visit www.BlueHatPrize.com.