Announcing the BlueHat Prize for Advancement of Exploit Mitigations

Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.” The popular question of late seems to be “Is the ecosystem getting more or less secure?”

In my role, I talk with a lot of customers.  In fact, we had recent meetings on Microsoft’s campus with CSOs from some of the world’s largest companies.  While the topic sometimes starts with the “state of the state” and recent changes in the threat landscape, they always end up in the same place —customers want to discuss and collaborate on solutions, rather than wallowing in the problems.

We’ve collaborated with many of the thousands of brilliant security researchers across the globe over the years, and they’ve helped us improve the security of our products & services.  There are also hundreds of security providers in the industry that we work closely with. In fact, three years ago we took an unconventional approach to security challenges by creating the Microsoft Active Protections Program (MAPP) to help unify this group of defenders.  This program shifted advantage to the good guys by promoting collaboration within the industry, even among competitors, in order to quickly build defensive technologies for over a billion of our shared customers around the world.

The success of that program – which inspired industry collaboration – got us thinking about whether we could do something similar for the security research community. Our goal was to inspire new lines of research in areas that have the most impact and leverage in protecting customers. That means not building incentives to find single bugs, but instead rewarding work on innovative solutions that could mitigate entire classes of attacks.

Today, I am pleased to announce the BlueHat Prize to inspire security researchers to seek innovations in exploit mitigation technologies. This is the first and largest incentive prize ever offered by Microsoft, and possibly the industry, for defensive computer security technology. In the age of increased risk of attacks on personal, corporate and government computer systems, Microsoft recognizes the need to encourage and nurture innovation in the area of exploit mitigations. At Microsoft, we believe in hiring the best and brightest minds in security to help us improve the security of our products and services, but also recognize it will take a “global village” to address today’s security challenges.

With over a quarter million dollars in cash and prizes, Microsoft believes the BlueHat Prize will motivate the community and foster even more collaboration with researchers throughout the security industry. To understand more about this competition, please visit Katie Moussouris’ EcoStrat blog or the BlueHat Prize contest page.

-Matt Thomlinson