August 16, 2018

Facebook awards $200,000 to 2018 Internet Defense Prize winners

By: Pieter Hooimeijer, Nektarios Leontiadis

Today we awarded $200,000 in total to the top three winners of the Internet Defense Prize.

The award ceremony at the 27th USENIX Security Symposium in Baltimore, MD is the fifth annual iteration of the award, and it has grown over time. When we created this in 2014, in partnership with USENIX, we awarded $50,000 to a single winner, and in subsequent years, the award grew to $100,000 for the authors of one winning paper. This year, we’re providing $200,000 in total prize money, and for the first time, we are awarding the authors of the top three papers:

  • As in previous years, $100,000 to the group of authors for the winning paper;
  • $60,000 for second place;
  • $40,000 for third place.

This increase represents our ongoing commitment to defensive security and privacy research, and also our observation that this year’s submissions were of very high quality.

The 2018 Internet Defense Prize winners are as follows:

1st Place ($100,000) to Gertjan Franken, Tom Van Goethem and Wouter Joosen from imec-DistriNet, KU Leuven, for their work titled Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies.

This work enables important improvements in the way browsers prevent cross-site attacks and third-party tracking through cookies. We believe that improving these safeguards is critical to user privacy on the web.

2nd Place ($60,000) to Mark O’Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Matthew Martindale, Kent Seamons and Daniel Zappala from Brigham Young University, for their work titled The Secure Socket API: TLS as an Operating System Service.

This work provides a prototype implementation that makes it easier for application developers to make appropriate use of cryptography. We believe safe-by-default libraries and frameworks are an important foundation for more secure software.

3rd Place ($40,000) to Ronghai Yang, Wing Cheong Lau, Jiongyi Chen and Kehuan Zhang from The Chinese University of Hong Kong and Sangfor Technologies Inc., for their work titled Vetting Single Sign-On SDK Implementations via Symbolic Reasoning.

This work takes a critical look at the implementation of single sign-on code. Single sign-on provides a partial solution to the internet’s over-reliance on passwords. This code is widely used, and ensuring its safety has direct implications for user safety online.

We want to congratulate the winners of this year’s Internet Defense Prize. We believe that defensive security research will be increasingly critical to the safety of computer systems in general, and consumer use of the internet in particular. Finally, we thank USENIX and the USENIX Security steering committee for their continued partnership.

For more information about the Internet Defense Prize, please visit

Today’s $200,000 investment came on the heels of last week’s Secure the Internet Grants, which awarded $800,000 to 10 grant proposals. Together, Facebook’s rewards this month totaled a $1 million investment in defense-based research.