Microsoft Opens Cheque Book For Ethical Hackers

Microsoft is putting up a substantial financial reward in order to encourage so called “blue hat” (i.e. white hat) ethical hackers to contribute towards computer security.

To this end it launched the Microsoft BlueHat Prize contest, following bug bounties offered by other vendors.

The contest “is designed to generate new ideas for defensive approaches to support computer security,” said Microsoft. “As part of our commitment to a more secure computing experience, we hope to inspire security researchers to develop innovative solutions intended to address serious security threats.”

Windows Vulnerabilities

Of course Microsoft is not being entirely altruistic here.

Microsoft Windows is used by the majority of computers around the world, and to this end Redmond has offered a top prize of $200,000 (£121,970) for software developers who can create a way of blocking entire classes of memory vulnerabilities in the Windows operating system.

A second prize of $50,000 (£30,490) is also on offer, as is a third place prize of a MSDN Universal subscription, valued at $10,000 (£6,098).

“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognises the need to stimulate research in the area of defensive computer security technology,” said Matt Thomlinson, general manager, Trustworthy Computing Group at Microsoft.

“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues,” he added. “We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks.”

Redmond said that a panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and Functionality (30 percent); Robustness – how easy it would be to bypass the proposed solution (30 percent); and Impact (40 percent).

Winners will be announced at Black Hat USA 2012.

Bug Bounties

“Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices,” said Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center. “We’re looking to collaborate with others to build solutions to tough industry problems. We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world.”

Of course it is worth pointing out that Microsoft is not alone in offering cash rewards for those who discover vulnerabilities. Mozilla, HP and Google for example are all known to operate similar schemes.

The contest however comes at a time when many organisations and government institutions are now seeing unprecedented levels of cyber crime and cyber attacks.

Indeed recent research from Hewlett-Packard New revealed that the annualised cost of cybercrime incurred by a benchmark sample of organisations was $5.9 million (£3.6m) per year, with a range of $1.5 million (£915,000) to $36.5 million (£22.5m) each year per organisation.