InformationWeek: The Business Value of Technology

11 Security Sights Seen Only At Black Hat

1Comments | Mathew J. Schwartz | August 01, 2012 14:00 PM

Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more.

Marquee Nightclub Delivers Confetti, Cash For Coders

Previous Image

Next Image

11 Security Sights Seen Only At Black Hat

Informationweek Discussions

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Previous Slide Next Slide 11 of 12

Marquee Nightclub Delivers Confetti, Cash For Coders

Google and Facebook may offer bug bounties, but Microsoft broke into the "cash for security code" movement with its inaugural BlueHat Prize, hosted at the Marquee nightclub in Las Vegas. "For our challenge to the security researcher community, we said, can you focus on defensive techniques that can focus on entire classes of attacks, instead of finding one-off vulnerabilities," said Mike Reavey, director of the Microsoft Security Response Center, in an interview at Black Hat. "And we put a quarter of a million dollars on the table, because we knew it's hard to do."

The winning submission, together with $200,000 of the prize money and mountains of free confetti, went to Columbia University graduate student Vasilis Pappas for kBouncer, which Microsoft described as "an efficient and fully transparent ROP [return-oriented programming] mitigation technique."

BlueHat Prize event photograph by Mathew J. Schwartz.

RECOMMENDED READING:

Black Hat: 6 Lessons To Tighten Enterprise Security

Tired Of Security Problems? Change Rules Of Writing Code

HTML Access Control Busted By Security Researchers

Strike Back At Hackers? Get A Lawyer

5 Black Hat Security Lessons For CIOs

Internet Crime Focus Of Black Hat Europe

3 Big Security Themes At Black Hat Europe