Ok.... Let's get real, here, and quit beating about the bush
Yeah, that sounds like a great deal ...for crash testing dummies. MS offer a fifth of a measly million for something that is worth a stream of trillions in the right minds and wrong hands.
Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs. Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to …
I tell you what. I can save you $250000 dollars. Quite simple:
1. How about you take security of your software seriously at the design phase, instead of hurrying them to the market and then spending the entire life of the product relentlessly patching them?
2. How about you stop pandering to your marketing department, stop adding needless silly new features, and concentrate on the core of the software and do a good job of it?
3. How about you leave in place features which have been part of your software for years, and which have been, by now, sorted out security-wise - instead of dicking about and changing things for the sake of changing (sorry, I think you call it innovation) - just to discover you've opened new security holes? Many changes from XP to Vista to Windows 7 come to mind - which have absolutely no functional advantage. Just change for the sake of making things different.
4. How about you stop trying to re-invent a rounder wheel - and you learn from people who've been there and done it before? The Unix world used and uses a (relatively) simple security architecture, every file has strict permissions and insists on never running as root/admin. Instead of listening to that from the beginning, you've tried any variation under the sun - just to arrive at (almost) the same principle - 20 years later. Sometimes there is no "easy" way - just the proper way to do things.
5. How about you release software when it's actually ready - not when you want more money?
6. How about you think through properly important architectural decisions - instead of applying "quick fixes" on so many things that you do - just so that you end up rehashing the same thing again and again with every version of your software until you get it right. One simple example is the location of program data (not binaries), accessible to all users on the local machine. It has been absolutely all over the place - including in "program files" over the years. Finally somebody figured that a separate folder called "program data" is what was needed. Just like /var under Unix. Was it that difficult to figure that one out that it took 20 years?
There you go - you can thank me later.
... into language that Microsoft shareholders will understand:
"How about dumping your cash cows and replacing them with new projects? How about employing new design principles, incompatible with your existing platform? How about making them yet another clone of venerable UNIX? How about delaying releases until everyone is happy with product quality?"
Not that there is anything wrong with starting new projects, smarter design principles, extensive testing or with UNIX, but these are *very* costly proposals. A small software company might be at liberty to implement them. Heck, one large company (with a tightly controlled environment - Apple) did exactly that with good results, but for Microsoft it would be suicidal.
I know many will disagree, and I wish Microsoft could/would write something robust, for a change, to replace the Win32 platform. I just don't believe it's realistic.
Who in their right mind would bother with Linux desktop, even iOS has a bigger market share... :/
I have numerous computers here, running XP, Vista 32/64, 7 32/64, and OSX, and the latest Ubuntu and Kubuntu.
K/Ubuntu gets used the least because it's pure crap. I'm still waiting for things to work properly on it, and I've been waiting for many years now...
"Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs."
It ain't new, but BSD on the routers works for me ...
"Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities.”"
Oh. MS is looking for bandaids for b0rken code on hardware without proper memory management. Still. Will they never learn that falling over produces bruises, cuts, dings & dents? Some of us have grown up and become adults ...
"Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs."
Well, if MS tried security testing their software before they released it, that might help.
...I don't think $250,000 is enough anyway - think of all the time and effort involved in finding all the bugs and security holes in Windows. I mean you could be there for years just listing them all!