Microsoft gave away $260,000 to a bunch of hackers last night. That’s “hackers” in the good sense—here, the clever programmers who won its Blue Hat security contest, including a grand prize of $200,000.
The big prize was awarded to a PhD student at Columbia University, Vasilis Pappas, who was handed the check in an American Idol-style contest finale complete with loud music and confetti. The winners were announced during a party at the Black Hat hackers conference that happened this week in Las Vegas.
Two other guys took home significant prizes, too. Ivan Fratric, a researcher at the University of Zagreb in Croatia, got $50,000 and Jared DeMott, a security researcher for Harris Corp., won $10,000.
They all submitted ideas to help solve a really hard security problem called Return-Oriented Programming. ROP is a hacker technique that is often used to disable or circumvent a program’s computer security controls. 20 people submitted ideas in the contest.
Without getting into too much technical detail, Pappas came up with something called kBouncer, which blocks anything that looks like an ROP attack from running.
It’s become popular these days to pay security researchers bounties. But what’s cool about the Blue Hat contest is that it paid the researcher for actually coming up with a fix to a problem.
Other companies have “bug bounty” programs that reward researchers for simply identifying flaws. Google pays hackers up to $20,000 a pop for reporting bugs found in Google’s software to Google instead of, say, selling them to the bad guys. Mozilla and Facebook also have bug bounty programs.
Microsoft and Adobe, by contrast, don’t pay bounties.
But Microsoft promised that this first Blue Hat prize won’t be its last. So this may be a sign of a smart new approach to engaging with security researchers for the software giant.