Facebook awarded $100,000 to a team of Georgia Institute of Technology researchers for discovering a new class of browser-based-memory-corruption vulnerabilities that had serious security implications for C++ programs and for building the corresponding detection technique dubbed CAVER.
Professors Taesoo Kim and Wenke Lee, along with PhD students Byoungyoung Lee, Chengyu Song, received the social media giant's Internet Defense Prize (IDP) Wednesday, at the 24th USENIX Security Symposium in Washington D.C.
The team found nine bad casts in libstdc++ and two bad casts in Firefox. The researchers detailed their findings as well as their detection techniques in their paper “Type Casting Verification: Stopping an Emerging Attack Vector.” All of the vulnerabilities have since been patched.
This is the second time the company has given out an IDP award since it created the program last year, according to a Facebook post.