Today a consortium of hardware and software vendors announced that they will be funding a non-profit organization that will design and offer monthly security challenges similar to the one that recently discovered a major problem in OS X. Anthony Lawrence, the newly appointed Director of Operations for this organization, explained that the motives of the funding companies aren't entirely altruistic:
The challenges will be held monthly and will have prizes running from $5,000 to $50,000.00. All manner of hardware and operating systems will be included, from iPhones and Blackberries right up through supercomputers. Precise rules and the prizes offered will be published a month ahead and each contest will run until the prize is won, so Mr. Lawrence expects that there may be multiple contests running concurrently at one point. The contests will be similar to other contests where the prize for a "hands off" hack is higher than those that require user involvement or third party applications.
There's another slant to these contests: the "Duh Awards" for security lapses that should not have happened. These are tongue-in-cheek awards to companies and individuals who make egregious security slips or repeat the same mistake again. Lawrence explained that these are supposed to be in a spirit of fun ("We all make dumb mistakes sometimes", he noted) but also hopefully will provide extra incentive to be careful in code.
The first contest is expected to be announced in July of this year. Lawrence explained that because of the number of companies involved and their generous commitment to improving security, the available prize pool exceeds $100,000 per month.. "That should be enough to attract plenty of interest", he opined.
Yes, it is April first. But wouldn't this actually be a wonderful idea?
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2009-11-07 Anthony Lawrence