Monday, 30 July 2012 15:34

Microsoft awards more than $US250,000 to security researchers


Microsoft has awarded more than a quarter of a million dollars to security researchers in the 2012 BlueHat Prize.

The BlueHat Prize 2012 was launched a year ago to encourage security researchers to identify mitigations for entire classes of attacks rather than merely finding specific vulnerabilities.

Researchers were specifically invited to address the issue of memory safety vulnerabilities.

Late last week Microsoft announced the winners of the competition, along with a preview release of the next version of EMET (Enhanced Mitigation Experience Toolkit) which incorporates one winner's discovery.

The first prize ($US200,000 plus a trip to next month's BlackHat Briefings) went to Vasilis Pappas, a PhD student at Columbia University.

Mr Pappas' kBouncer detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP) attacks.

Second prize ($US50,000 plus a BlackHat Briefings trip) was awarded to Ivan Fratric, a researcher at the University of Zagreb.

Dr Fratric's ROPGuard provides a way of detecting the use of certain functions in the context of malicious ROP code, and has been incorporated into Microsoft's EMET.

"Developing a prototype is one thing, but having it integrated with an actual product such as EMET 3.5 Tech Preview is something else entirely," he said.

Third prize (an MSDN subscription valued at $10,000 plus a BlackHat Briefings trip) was awarded to Jared DeMott for /ROP, a method for lowering the effect of address space disclosures.

Mr DeMott also received $US10,000 as an unannounced part of his prize.

"A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks," said Mike Reavey, senior director of Microsoft's security response centre.

"It's with great pleasure that we congratulate the winner of our inaugural BlueHat Prize contest, Vasilis, for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we're seeing today."



Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


