Nearly a year ago, Microsoft announced plans to offer security programmers a chance to win some big money by developing new programs in its first annual BlueHat contest. This week, Microsoft announced that its Trustworthy Computing Group has named Vasilis Pappas the grand prize winner of the contest; Pappas gets a whopping $200,000 for his efforts.
In a Microsoft press release, the company said that Pappas, currently a Ph.D. student at Columbia University in New York, developed a program called kBouncer. The program " ... detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP). ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose."
As we reported earlier this week, the work of BlueHat Prize finalist Ivan Fratric has already been put into the newly released Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview. Fratric was named as the first runner-up in the BlueHat contest and received a not-too-shabby $50,000 prize. The second runner-up, Jared DeMott, got $10,000. All three finalist also were awarded subscriptions to the Microsoft Developer Network, valued at $10,000 each.
Source: Microsoft press release