| Filename | Microsoft awards more than $US250,000 to security researchers |
| Permission | Freeware |
| Author | D-38 |
| Category | INFORMATION |
Microsoft awards more than $US250,000 to security researchers
Microsoft has awarded more than a quarter of a million dollars to security researchers in the 2012 BlueHat Prize.
The BlueHat Prize 2012 was launched a year ago to encourage security researchers to identify mitigations for entire classes of attacks rather than merely finding specific vulnerabilities.
Researchers were specifically invited to address the issue of memory safety vulnerabilities.
Late last week Microsoft announced the winners of the competition, along with a preview release of the next version of EMET (Enhanced Mitigation Experience Toolkit) which incorporates one winner's discovery.
The first prize ($US200,000 plus a trip to next month's BlackHat Briefings) went to Vasilis Pappas, a PhD student at Columbia University.
Mr Pappas' kBouncer detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP) attacks.
Second prize ($US50,000 plus a BlackHat Briefings trip) was awarded to Ivan Fratric, a researcher at the University of Zagreb.
Dr Fratric's ROPGuard provides a way of detecting the use of certain functions in the context of malicious ROP code, and has been incorporated into Microsoft's EMET.
"Developing a prototype is one thing, but having it integrated with an actual product such as EMET 3.5 Tech Preview is something else entirely," he said.
Third prize (an MSDN subscription valued at $10,000 plus a BlackHat Briefings trip) was awarded to Jared DeMott for /ROP, a method for lowering the effect of address space disclosures.
Mr DeMott also received $US10,000 as an unannounced part of his prize.
"A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks," said Mike Reavey, senior director of Microsoft's security response centre.
"It's with great pleasure that we congratulate the winner of our inaugural BlueHat Prize contest, Vasilis, for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we're seeing today."
Post a Comment
0 comments: