In June, Microsoft announced that it had picked the three finalists in its first annual BlueHat security program competition. One of them will be named as the winner of the contest and will receive the top prize of $200,000. That prize will be handed out tomorrow evening at the company’s Researcher Appreciation Party.
Today Microsoft announced that the work from one of the three BlueHat finalists has already been incorporated into one of the company's security programs. In a press release, Microsoft said that the Return Oriented Programming (ROP) defenses, first created by BlueHat Prize finalist Ivan Fratric, have been put into the newly released Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview.
The press release states:
"Fratric, who earned a Ph.D. in computer science and is a researcher at the University of Zagreb located in Zagreb, Croatia, submitted a unique solution called ROPGuard, which hinders attacks that leverage ROP. ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. ROPGuard defines a set of checks that can be used to detect when certain functions are being called in the context of malicious ROP code and can help protect against attacks exploiting memory safety vulnerabilities."
While we are sure that Fratric is happy that his work has been adapted and used in a Microsoft security software product, we also don't think he will turn down a $200,000 prize if he wins the BlueHat competition on Thursday.
Source: Microsoft press release