On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up 'n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of a cash prize. The prize is (unsurprisingly) not meant to compensate for time spent, but rather to give the typical researcher who conducts the work in their spare time some recognition and perhaps a cool gadget to associate with the work.

The competition was a little disappointing for a single, but significant, reason: the lack of nominations. In all, six people nominated three pieces of work from two researchers. Considering there were four security conferences this year in South Africa, it's not possible that even a reasonable minority of the research produced was considered for the prize. This was a no-strings-attached cash prize; there is no handover of IP or copyright, and no requirements on the winner (though we do offer an interview on our blog to publicise their work, should they choose to). With this in mind, it's strange how few nominations were received; for example, while the competition received some coverage on Twitter, very few nominations originated from there. The timing was tight (competition announced two weeks prior to BSides), but that only accounts for a smaller circumference, not a lack of involvement.

The two nominees were:

• Jameel Haffejee of Thinkst, who received two nominations for his work on the Google Chrome GPG plugin, and the security conference data collector.
• Etienne Stalmans of Rhodes University, for his work on detecting fastflux botnets through DNS traffic.

Given the small number of nominations, the panel was composed of three SensePost'ers, Dominic, Ian and myself.

The! winner! of! the! R5000! prize! was! Etienne! Stalmans!

In addition, a finder's fee of R500 was offered to the person who nominated the winning entry. Etienne received two nominations, and so a coin was flipped to determine who got the fee; Samuel Hunter was the winner.

Thanks to the Pieter for organising BSides Cape Town and providing us a spot to announce the winners, and thanks to everyone who sent in a nomination. Compliments to both nominees for having their work recognised by others in the community, and congratulations to Etienne for winning the prize.

We remain committed to research and the sponsorship concept, so expect an announcement towards the end of next year and keep an eye open during the year for research that strikes you as interesting.

SensePost is proud to announce a competition to identify the best information security research published by a resident of South Africa in 2011 (Jan 1st to Dec 3rd). Much security research is unfunded and private but, when published, enters the toolsets and minds of security companies worldwide. South Africa's security industry is best-described as "fledgling", and we want to support researchers who produce quality research.

Heads up: even if you're not a researcher, you can still win by nominating work, so continue reading.

What are we doing?

On December 3 2011 at B-Sides Cape Town, SensePost will present a prize for the best research by a South African resident. In order to judge this, we are seeking nominations for the prize.

Dates?

• November 21 - Competition announced
• November 30 23:59 - Nominations close
• December 3 - Winner announced at B-Sides Cape Town

Who qualifies as a nominator?

Any living person. You can nominate as many pieces of research as you like. You can also nominate your own work, if it qualifies with everything below.

Who qualifies as a researcher?

Any resident of South Africa. Publication location can be local or international.

SensePost employees and members of the judging panel are obviously excluded.

What research qualifies?

A single piece of information security research published in 2011 at, at the minimum, a semi-formal venue. Conferences (industry cons such as ITWeb, ZaCon or B-Sides and academic cons such as ISSA, SATNAC or SAICSIT), journals, whitepapers all are in scope. Blogs, forums and IRC unfortunately don't count. We aim for inclusivity, so contact us (see below) if you're unsure.

We're seeking interesting / groundbreaking / game-changing information security research, either industry-focused or academically-inclined.

You're welcome to make multiple nominations for different work, and even nominate your own work.

What are the prizes?

R5000 (five grand) in cold hard cash, awarded to a single piece of work (no runner-ups), with the entire prize going to the winner. In the event of co-authors, the prize will be split as they deem fit. Should it not be possible to track down the prize holder (anonymous etc), then the prize money will be awarded to the next best work.

In addition, we'll award a R500 finder's fee to the person who nominated the winner. Should the winner have been nominated multiple times, then all verified nominator names will be placed into a hat and a single winner drawn.

Do I need to be present at B-Sides Cape Town?

No. While it would be great, your presence there isn't required. Winners will be announced at B-Sides and later notified via email. An interview will be conducted with the winner for further exposure of their research.

Who is judging this?

A few senior SensePost guys in collaboration with industry/academic peers. Full panel will be announced when the winners are announced.

Submission!!!

Mail the details below to zaprize@sensepost.com.

• Researcher Name
• Research Title
• Publication Venue and Date
• Your (nominator's) name. Handle is fine, but if you want to enter the finder's fee competition, we'll need a name too.

Boilerplate

Judges decision is final and, while we will accept correspondence, it will be printed out and made fun of. But we're not changing our decisions.