<< HOME

PLEASE NOTE: It is your sole responsibility to review and understand your employer's policies regarding your eligibility to participate in trade promotions. If you are participating in violation of your employer's policies, you may be disqualified from entering or receiving prizes. Microsoft disclaims any and all liability or responsibility for disputes arising between an employee and their employer related to this matter, and prizes will only be awarded in compliance with the employer's policies.

GOVERNMENT EMPLOYEES: Microsoft is committed to complying with government gift and ethics rules and therefore government employees are not eligible.

This Contest is hosted in the United States, and entry information is collected on computers in the United States. This Contest will be governed by the laws of the State of Washington, and you consent to the exclusive jurisdiction and venue of the courts of the State of Washington for any disputes arising out of this Contest. If you do not agree with this provision and these Official Rules, please do not enter this Contest.

COMMON TERMS USED IN THESE RULES

These are the official rules that govern how the Microsoft BlueHat Prize contest promotion will operate ("Contest"). In these rules, "we," "our," and "us" refer to Microsoft Corporation, the sponsor of this Contest. "You" refers to an eligible Contest entrant.

CONTEST DESCRIPTION

This is a skill-based Contest.

The object of this Contest is to design a novel runtime mitigation technology solution that is capable of preventing the exploitation of memory safety vulnerabilities. For purposes of this Contest, each prototype that is capable of protecting an application that runs on Windows you create and submit in the Contest will be called an "entry." All eligible entries received will be judged using the criteria described below to determine the winners of the prizes described below.

WHAT ARE THE START AND END DATES?

This Contest starts at 12:01 a.m. Pacific Time (PT) on August 3, 2011, and ends at 11:59 p.m. PT on April 1, 2012 ("Entry Period").

CAN I ENTER?

You are eligible to enter this Contest if you meet the following requirements at time entry:

• You are a professional or hobbyist in the field of software security and are 14 years of age or older; and;
• If you are 14 of age or older, but are considered a minor in your place of residence, you should ask your parent's or legal guardian's permission prior to submitting an entry into this Contest; and
• You are NOT a resident of any of the following countries: Cuba, Iran, North Korea, Sudan, and Syria.
  
  • PLEASE NOTE: U.S. export regulations prohibit the export of goods and services to Cuba, Iran, North Korea, Sudan and Syria. Therefore residents of these countries / regions are not eligible to participate.
• You are NOT an employee of Microsoft Corporation or an employee of a Microsoft subsidiary; and
• You are NOT involved in any part of the administration and execution of this Contest; and
• You are NOT an immediate family (parent, sibling, spouse, child) or household member of a Microsoft employee, an employee of a Microsoft subsidiary, or a person involved in any part of the administration and execution of this Contest.

This Contest is void outside the geographic area described above and wherever else prohibited by law.

WHAT CONSTITUTES AN ELIGIBLE ENTRY?

To be eligible for judging an entry must consist of the following components and meet the following content / technical requirements:

One (1) Prototype

• Your Prototype must be submitted as a compressed ZIP no larger than 2 MB containing at least one executable file that demonstrates the solution.
• Your Prototype must solve an open problem in exploit mitigation or significantly improve the effectiveness of existing mitigation solutions. Two examples of open problems that are suitable for consideration in this challenge are address space information disclosures and return-oriented programming (ROP). Note that you are not required to address these and you are not limited to these examples.
• Your Prototype must be fully functioning and work on Windows and be developed using the Microsoft Windows SDK.
• The Prototype must have low overhead meaning CPU and Memory cost of no more than 5%
• Your Prototype must not have any application compatibility or usability regressions

One (1) Technical Description

• Your Technical Description must include your full name, a description of the problem being solved, and the algorithms used to address the problem.
• Your Technical Description cannot exceed 10 pages, single spaced, in 10 point font and must be submitted as a .doc, .docx, .xps, .pdf, or plain text file.
• Your Technical Description must be submitted in the English language.

In addition:

• your entry must be your own original work; and
• your entry cannot have been selected as a winner in any other contest; and
• you must have obtained any and all consents, approvals or licenses required for you to submit your entry; and
• your entry may not incorporate any third-party source code or code that is subject to any other licenses; and
• your entry may not include any third party trademarks (logos, names) or copyrighted materials (music, images, video, recognizable people) unless you have obtained permission to use the materials. You may include Microsoft trademarks, logos, and designs, for which Microsoft grants you a limited license to use for the sole purposes of submitting an entry into this Contest.

Entries may NOT contain, as determined by us, in our sole and absolute discretion, any content that:

• is sexually explicit, unnecessarily violent or derogatory of any ethnic, racial, gender, religious, professional or age group; profane or pornographic;
• promotes alcohol, illegal drugs, tobacco, firearms/weapons (or the use of any of the foregoing) or a particular political agenda;;
• is obscene or offensive;
• defames, misrepresents or contains disparaging remarks about other people or companies;
• communicates messages or images inconsistent with the positive images and/or good will to which we wish to associate; and/or violates any law;

We reserve the right to reject any entry, in our sole and absolute discretion, that we determine does not meet the above criteria.

HOW WILL MY ENTRY BE POTENTIALLY USED?

Other than what is set forth below, we are not claiming any ownership rights to your entry. However, by submitting your entry, you:

• are agreeing to license IP and patent rights in your submission to Microsoft (please be sure to read and accept the full license terms before submitting your entry), which includes an irrevocable, perpetual, royalty-free, worldwide, unlimited, nonexclusive, sub-licensable, unrestricted right and license to: (i) use, review, assess, test and otherwise analyze your entry, to reproduce, modify, distribute, display and perform publically, commercialize and create derivative works of your entry and all its content, in whole or in part, in connection with this Contest; and (ii) feature your entry and all content in connection with the marketing, sale, or promotion of this Contest (including but not limited to internal and external sales meetings, conference presentations, tradeshows, and screen shots of the Contest entry in press releases) in all media (now known or later developed)
• Your Prototype must solve an open problem in exploit mitigation or significantly improve the effectiveness of existing mitigation solutions. Two examples of open problems that are suitable for consideration in this challenge are address space information disclosures and return-oriented programming (ROP). Note that you are not required to address these and you are not limited to these examples.
• agree to sign any necessary documentation that may be required for us and our designees to make use of the rights you granted above;
• understand and acknowledge that the Sponsor(s) may have developed or commissioned materials similar or identical to your submission and you waive any claims you may have resulting from any similarities to your entry;
• understand that we cannot control the incoming information you will disclose to our representatives in the course of entering, or what our representatives will remember about your entry. You also understand that we will not restrict work assignments of representatives who have had access to your entry. By entering this Contest, you agree that use of information in our representatives' unaided memories in the development or deployment of our products or services does not create liability for us under this agreement or copyright or trade secret law;
• understand that you will not receive any compensation or credit for use of your entry, other than what is described in these Official Rules.

Please note that following the end of this Contest your entry may be posted on a website selected by us for viewing by visitors to that website. We are not responsible for any unauthorized use of your entry by visitors to this website. While we reserve these rights, we are not obligated to use your entry for any purpose, even if it has been selected as a winning entry.

HOW DO I ENTER?

In order to participate in this Contest, you must send an email to bluehatprize@microsoft.com you're your technical description and prototype as outlined above.

We will only accept one (1) entry per person.

We are not responsible for entries that we do not receive for any reason, or for entries that we receive but are not decipherable for any reason.

We will automatically disqualify:

• Any incomplete or illegible entry; and
• Any entries that we receive from you that are in excess of the entry limit described above.

WINNER DETERMINATION AND PRIZES

On or around the close of the Entry Period, a panel of judges will review all eligible entries received and select winners of the Contest Prizes described below based upon judging criteria described below.

Judging Criteria

• 30.00% - Practical and Functional
  • Can the solution be implemented and deployed at a large scale on Windows?
  • Does the prototype have low overhead (CPU and Memory cost below 5%)?
  • Is the prototype free of any application compatibility or usability regressions?
  • Does the prototype function as intended?
• 30.00% - Robustness
  • How easy would it be to bypass the proposed solution?
• 40.00% - Impact
  • Does the solution strongly address key open problems or significantly refine an existing approach?
  • Would the solution strongly mitigate modern exploits above and beyond Microsoft's current arsenal?
• The decisions of the judges are final and binding. If we do not receive a sufficient number of entries meeting the entry requirements, we may, at our discretion, select fewer winners than described above.
  
  In the event of a tie between any eligible entries, an additional judge will break the tie based on the judging criteria described above. The decisions of the judges are final and binding. If we do not receive a sufficient number of entries meeting the entry requirements, we may, at our discretion, select fewer winners than the number of Contest Prizes described below.

Contest Prizes

One (1) Grand Prize. A Prize Package consisting of the following items:

• A check for US $200,000.
• A trip for Winner to Las Vegas to attend the BlackHat Briefings on August 1, 2012. Approximate Retail Value (ARV) $2,000.00. Trip includes:
  • Round trip coach airfare from major airport closest to winner's home.
    • Winner and any guests are responsible for providing all required travel documents, including, but not limited to required Visa, passport etc.
    • If winner lives within 100 miles of travel destination, Sponsor reserves the right to provide alternative transportation.
  • Two (2) nights standard hotel accommodations.
  • Transfers to/from Airport/Hotel.
  • Admission for one (1) to attend the BlackHat Briefings event.
    • If the event is cancelled for any reason, Sponsor shall have no further obligation to the winner other than to provide the travel portion of the prize minus the opportunity to attend event.

The total Approximate Retail Value (ARV) of this Package is $202,000.

One (1) Second Prize. A Prize Package consisting of the following items:

• A check for US $50,000.
• A trip for Winner to Las Vegas to attend the BlackHat Briefings on August 1, 2012. Approximate Retail Value (ARV) $2,000.00. Trip includes:
  • Round trip coach airfare from major airport closest to winner's home.
    • Winner and any guests are responsible for providing all required travel documents, including, but not limited to required Visa, passport etc.
    • If winner lives within 100 miles of travel destination, Sponsor reserves the right to provide alternative transportation.
  • Two (2) nights standard hotel accommodations.
  • Transfers to/from Airport/Hotel.
  • Admission for one (1) to attend the BlackHat Briefings event.
    • If the event is cancelled for any reason, Sponsor shall have no further obligation to the winner other than to provide the travel portion of the prize minus the opportunity to attend event.

The total Approximate Retail Value (ARV) of this Package is $52,000.

One (1) Third Prize. A Prize Package consisting of the following items:

• A year-long MSDN Subscription (download only). Approximate Retail Value (ARV) $10,000.00.
• A trip for Winner to Las Vegas to attend the BlackHat Briefings on August 1, 2012. Approximate Retail Value (ARV) $2,000.00. Trip includes:
  • Round trip coach airfare from major airport closest to winner's home.
    • Winner and any guests are responsible for providing all required travel documents, including, but not limited to required Visa, passport etc.
    • If winner lives within 100 miles of travel destination, Sponsor reserves the right to provide alternative transportation.
  • Two (2) nights standard hotel accommodations.
  • Transfers to/from Airport/Hotel.
  • Admission for one (1) to attend the BlackHat Briefings event.
    • If the event is cancelled for any reason, Sponsor shall have no further obligation to the winner other than to provide the travel portion of the prize minus the opportunity to attend event.

The total Approximate Retail Value (ARV) of this Package is $12,000.

For all prizes:

Actual value depends on date/time/destination, and difference between actual value and stated value will not be awarded.

Travel subject to availability and must be completed on dates specified by the Sponsor or prize will be forfeited and awarded to an alternate winner. Some restrictions may apply. Winner and any guests must travel on same itinerary. No cancellation of reservation or transfer of reservation to another date after reservation has been made.

The ARV of electronic prizes is subject to price fluctuations in the consumer marketplace based on, among other things, any gap in time between the date the ARV is estimated for purposes of these Official Rules and the date the prize is awarded or redeemed. We will determine the value of the prize to be the fair market value at the time of prize award.

The total Approximate Retail Value (ARV) of all prizes: $268,000

We will only award one (1) prize package per person.

If you are a potential winner, we will notify you by sending a message to the e-mail address, the phone number, or mailing address (if any) provided at time of entry within seven (7) days following completion of judging. If the notification that we send is returned as undeliverable, or you are otherwise unreachable for any reason, we may award to a runner-up.

If there is a dispute as to who is the potential winner, we will consider the potential winner to be the authorized account holder of the e-mail address used to enter the Contest. If you are a potential winner, we may require you to sign an Affidavit of Eligibility, Liability/Publicity Release and a W-9 tax form or W-8 BEN tax form within 10 days of notification. If you are a potential winner and you are 14 or older, but are considered a minor in your place of legal residence, we may require your parent or legal guardian to sign all required forms on your behalf. If you do not complete the required forms as instructed and/or return the required forms within the time period listed on the winner notification message, we may disqualify you and select a runner-up.

If you are confirmed as a winner of this Contest:

• You may not exchange your prize for cash or any other merchandise or services. However, if for any reason an advertised prize is unavailable, we reserve the right to substitute a prize of equal or greater value; and
• You may not designate someone else as the winner. If you are unable or unwilling to accept your prize, we may award it to a runner up; and
• If you accept a prize, you will be solely responsible for all applicable taxes related to accepting the prize; and
• If you are otherwise eligible for this Contest, but are considered a minor in your place of residence, we may award the prize to your parent/legal guardian on your behalf; and
• Unless otherwise noted, all prizes are subject to their manufacturer's warranty and / or terms and conditions.

WHAT OTHER CONDITIONS AM I AGREEING TO BY ENTERING?

By entering this Contest you agree:

• To abide by these Official Rules; and
• To release and hold harmless Microsoft and its respective parents, subsidiaries, affiliates, employees and agents from any and all liability or any injury, loss or damage of any kind arising from or in connection with this Contest, or any prize won; and
• That Microsoft's decisions will be final and binding on all matters related to this Contest; and
• That, by accepting a prize, Microsoft may use of your proper name and state of residence online and in print, or in any other media, in connection with this Contest, without payment or compensation to you, except where prohibited by law.

WHAT LAWS GOVERN THE WAY THIS CONTEST IS EXECUTED AND ADMINISTRATED?

This Contest will be governed by the laws of the State of Washington, and you consent to the exclusive jurisdiction and venue of the courts of the State of Washington for any disputes arising out of this Contest.

WHAT IF SOMETHING UNEXPECTED HAPPENS AND THE CONTEST CAN'T RUN AS PLANNED?

If someone cheats, or a virus, bug, catastrophic event, or any other unforeseen or unexpected event that cannot be reasonably anticipated or controlled, (also referred to as force majeure) affects the fairness and / or integrity of this Contest, we reserve the right to cancel, change or suspend this Contest. This right is reserved whether the event is due to human or technical error. If a solution cannot be found to restore the integrity of the Contest, we reserve the right to select winners from among all eligible entries received before we had to cancel, change or suspend the Contest.

If you attempt to compromise the integrity or the legitimate operation of this Contest by hacking or by cheating or committing fraud in ANY way, we may seek damages from you to the fullest extent permitted by law. Further, we may ban you from participating in any of our future Contest, so please play fairly.

HOW CAN I FIND OUT WHO WON?

We will post the names of winners online at www.bluehatprize.com. This list will remain posted one month after August 1, 2012.

WHO IS SPONSORING THIS CONTEST?

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

BACK TO TOP