Microsoft To Pay $200k Prize For New Security Tech 111
Trailrunner7 writes "In the face of mounting external pressure to begin paying bug bounties, Microsoft is instead launching a new program that will pay a $200,000 top prize to a security researcher who develops the most innovative defensive security technology. The program is designed to 'inspire researchers to focus their talents on defensive technologies,' the company said. Known as the Blue Hat Prize, after the company's regular internal research conferences, the program will focus in its first year on getting researchers to design a novel runtime technology to defend against memory safety vulnerabilities. Microsoft security officials said that rather than paying for individual bugs the way that some other companies such as Google, Mozilla and others do, they wanted to encourage researchers to think about ways to defeat entire classes of bugs."
It's worth a lot more than that (Score:5, Insightful)
If I develop something capable of winning this prize, I'm productizing it and making Microsoft pay for EULAs for it. That'll net me a lot more than $200k just from them, and more from everyone else.
Re:A system and method for preventing virus infect (Score:3, Insightful)
Stop using Windows (Score:4, Insightful)
When should I expect my cheque?
Re:That's an innovative approach.. (Score:4, Insightful)
If by innovative you mean "wrong" then yes, I agree.
Microsoft created this beast of a problem over the years. It was a problem more than a decade ago and they let it grow in complexity and complication. They have it in their power to grow a culture of developers who are security conscious. And there have been countless opportunities for Microsoft along the way to requite their OS with security in mind and they haven't done it. Incremental improvements happened along the way and I am actually more pleased with Windows 7 than I ever expected to be. But Microsoft needs to get more serious than they are. They need to prepare themselves to piss off the advertising world by setting up Ad Block and No Script on MSIE. And if they integrate those two things along with a reputation scoring system which updates a local database of web servers which are safe and web servers which are known to be compromised, then they would have a more secure user experience.
It's the frikken Javascript crap that's trashing users' computers left and right and they are invariably running MSIE when it happens.
Microsoft needs to take charge on this matter, but they are clearly beholden to too many masters and their end users are the least important of them all.