Microsoft will pay $186k to fix memory holes

By on
Microsoft will pay $186k to fix memory holes

Prefers 'defensive tech' over vulnerability bounty-hunting.

Microsoft will pay $US200,000 ($A186,000) to anyone who finds a fix to memory safety vulnerabilities.

The Blue Hat Prize, launched at the BlackHat hacker conference in Las Vegas, was "designed to generate new ideas for defensive approaches to support computer security", Microsoft said.

The first-place winner will need to improve anti-exploit technology such as sandboxes and data-execution prevention that is vulnerable to attacks or develop a different solution.

"Your prototype must solve an open problem in exploit mitigation or significantly improve the effectiveness of existing mitigation solutions. Two examples of open problems that are suitable for consideration in this challenge are address space information disclosures and return-oriented programming. Note that you are not required to address these and you are not limited to these examples."

It must also not impose more than a 5 percent burden on processing and memory and not disrupt application compatibility or useability.

The winner will be available to Microsoft under an "irrevocable, perpetual, royalty-free, worldwide, unlimited, non-exclusive, sub-licenceable, unrestricted right and licence", it said.

Microsoft was one of the few software companies to have refused to pay for software vulnerabilities.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?