Security R&D firm Subreption hit out at terms of Microsoft's #bluehat prize

News by Dan Raywood

Microsoft's prize money for creating the next great piece of security technology has been described as 'a late April Fool's joke'.

According to a blog by security research and development company Subreption, Microsoft's contest is ‘aimed at the desperate and the naïve' and the contest is ‘largely abusive, if not outright humorous'.

The blue hat contest was announced at the Black Hat conference in Las Vegas, Nevada last week to ‘contestants who design the most effective ways to prevent the use of memory safety vulnerabilities, a key area of focus for Microsoft'. The winning entry will be handed a $200,000 (£124,000) prize along with paid travel and expenses to Black Hat 2012.

However Subreption said that entrants should not sell themselves so cheap. It said: “Any potential contributor to the Blue Hat Prize contest should bear in mind that it is a one-time only payment, meaning you will not be receiving any further compensation for your efforts and Microsoft will have full leeway to do as they please with your work.

“It is not, by any means, an issue of implementation licensing, but the actual royalties and exploitation rights to your ideas will be at their entire disposal.”

It also said that as the first prize carries a value of $200,000, the winner will be responsible for taxes which could range from none or minimal to roughly 30-40 per cent, depending on their country or state.

“For Europe-based ‘runners' this will be even further diminished by the USD-EUR exchange rates. Furthermore, banks will charge a premium for handling a transfer of this value unless you are in possession of private banking contacts,” it said.

“Just as ‘You can't simply walk into Mordor', you can't just walk into Switzerland or Belize. Sorry buddies, we know it sounds cool. But in the real world, financial engineering is much more complicated than that. If the prize was a cash deposit, well other considerations apply.”

Subreption also said that the $200,000 will ‘look much less interesting in a span of three years' considering interest rates and finally, that the second and third prizes are not even worth considering.

Looking closer at the fine print of the terms of the contest, Microsoft state that entrants ‘understand and acknowledge that the sponsor(s) may have developed or commissioned materials similar or identical to your submission and you waive any claims you may have resulting from any similarities to your entry'.

Subreption said: “This means in non-attorney-speak that Microsoft may forget about your submission and by means of cryptomnesia, implement it sometime in the foreseeable future as the new DEP-in-shining-armor.

“Then you won't have any rights whatsoever to claim it really landed on their hands. This is akin to the ‘unsolicited material' unwritten law of the entertainment and arts industries.”

The terms also say that entrants ‘understand that we cannot control the incoming information you will disclose to our representatives in the course of entering, or what our representatives will remember about your entry. You also understand that we will not restrict work assignments of representatives who have had access to your entry. By entering this contest, you agree that use of information in our representatives' unaided memories in the development or deployment of our products or services does not create liability for us under this agreement or copyright or trade secret law.'

Subreption said that this was more of the former, as essentially any claim about your entry, even if it does not make it in any of the three top spots, will be out of luck. “Obviously, it remains unclear if these terms are actually enforceable in any sensible way per the United States intellectual property law. Nonetheless, it does leave a very uncomfortable creeping feeling in the spine,” it said.

Finally Microsoft insist that by entering, you ‘are agreeing to license IP and patent rights in your submission to Microsoft'. Subreption said that this means you will lose all exploitation rights to your work.

It said: “If you wind up regretting your decision of surrendering the rights and essence of your work to Microsoft, which is a more than likely scenario once you realise $50,000 or $200,000 isn't really that much money after everything we have bothered to explain, you will be out of luck to claim any rights back. This is actually something perfectly enforceable per US IP law and Microsoft has access to very fine attorneys while at it.”

Subreption pointed out that all non-winning entries will be subject to the same terms: entrants will lose any claim rights over their entry, and it will be equivalent to unsolicited material.

In conclusion, Subreption said that it believes that the contest ‘is aimed at the desperate and the naïve' and said: “It is only a clever propaganda move to attract potential technical talent into surrendering perfectly valid ideas and efforts to a corporation that invests far more than a sorry $260,000 in their security budget.”


Microsoft have been invited to comment on these claims.

