back to article Microsoft to pay $250,000 for hot new security defenses

Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs. Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to …

COMMENTS

This topic is closed for new posts.
Silver badge
Pirate

Ok.... Let's get real, here, and quit beating about the bush

Yeah, that sounds like a great deal ...for crash testing dummies. MS offer a fifth of a measly million for something that is worth a stream of trillions in the right minds and wrong hands.

2
2

Simples

I tell you what. I can save you $250000 dollars. Quite simple:

1. How about you take security of your software seriously at the design phase, instead of hurrying them to the market and then spending the entire life of the product relentlessly patching them?

2. How about you stop pandering to your marketing department, stop adding needless silly new features, and concentrate on the core of the software and do a good job of it?

3. How about you leave in place features which have been part of your software for years, and which have been, by now, sorted out security-wise - instead of dicking about and changing things for the sake of changing (sorry, I think you call it innovation) - just to discover you've opened new security holes? Many changes from XP to Vista to Windows 7 come to mind - which have absolutely no functional advantage. Just change for the sake of making things different.

4. How about you stop trying to re-invent a rounder wheel - and you learn from people who've been there and done it before? The Unix world used and uses a (relatively) simple security architecture, every file has strict permissions and insists on never running as root/admin. Instead of listening to that from the beginning, you've tried any variation under the sun - just to arrive at (almost) the same principle - 20 years later. Sometimes there is no "easy" way - just the proper way to do things.

5. How about you release software when it's actually ready - not when you want more money?

6. How about you think through properly important architectural decisions - instead of applying "quick fixes" on so many things that you do - just so that you end up rehashing the same thing again and again with every version of your software until you get it right. One simple example is the location of program data (not binaries), accessible to all users on the local machine. It has been absolutely all over the place - including in "program files" over the years. Finally somebody figured that a separate folder called "program data" is what was needed. Just like /var under Unix. Was it that difficult to figure that one out that it took 20 years?

There you go - you can thank me later.

4
2
Bronze badge
FAIL

let me translate this ...

... into language that Microsoft shareholders will understand:

"How about dumping your cash cows and replacing them with new projects? How about employing new design principles, incompatible with your existing platform? How about making them yet another clone of venerable UNIX? How about delaying releases until everyone is happy with product quality?"

Not that there is anything wrong with starting new projects, smarter design principles, extensive testing or with UNIX, but these are *very* costly proposals. A small software company might be at liberty to implement them. Heck, one large company (with a tightly controlled environment - Apple) did exactly that with good results, but for Microsoft it would be suicidal.

I know many will disagree, and I wish Microsoft could/would write something robust, for a change, to replace the Win32 platform. I just don't believe it's realistic.

2
1
Thumb Up

titular upgrade

iirc, aren't Microsoft legally bound to not enter the UNIX market?

0
0
Holmes

First *and* largest?

Well, quite.

0
0
Silver badge

Somehow, I doubt I'll qualify for the loot, not that I need it :-)

"Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs."

It ain't new, but BSD on the routers works for me ...

"Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities.”"

Oh. MS is looking for bandaids for b0rken code on hardware without proper memory management. Still. Will they never learn that falling over produces bruises, cuts, dings & dents? Some of us have grown up and become adults ...

1
2
Linux

Best solution

Install Linux. Much, much more secure.

That'll be $200,000 please.

3
6
Thumb Down

no thanks

Who in their right mind would bother with Linux desktop, even iOS has a bigger marketshare... :/

I have numerous computers here, running XP, Vista 32/64, 7 32/64, and OSX, and the latest Ubuntu and Kubuntu.

K/Ubuntu gets used the least because it's pure crap. I'm still waiting for things to work properly on it, and I've been waiting for many years now...

2
2

two things

1. Oi, "blue" means IBM ... or is MS usurping the colour?

2. @xj25vm: Windows has been slowly morphing into unix/bsd/linux over the years ... I've said it before and I'll say it again: Windows X will also be unix/bsd/linux based, just like Apple's was.... :-)

0
0

ooh, please

It would be so nice to be able to use unix shell without having to use cygwin, but wait, didn't MS have a unix compatibility pack at one time?

0
0
Anonymous Coward

Architecture

Wrong. Windows will slowly morph into that architecture as it has steadily been. People seem to forget that this is a young OS. It is getting there but not yet.

If BSD was as ubiquitous as it will never be, we would see the same.

1
0
Facepalm

Hmmm

"Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs."

Well, if MS tried security testing their software before they released it, that might help.

...I don't think $250,000 is enough anyway - think of all the time and effort involved in finding all the bugs and security holes in Windows. I mean you could be there for years just listing them all!

0
2
Silver badge
FAIL

Title

Microsoft Windows is, architecturally speaking, fundamentally deficient.

No amount of bolt on security is going to overcome that problem.

Proper separation of privileges and untangling IE from the core of Windows would be a start.

0
0