Researchers of CWI’s Computer Security group were awarded a prize of 1337 US dollars by Google for discovering an overflow bug that had been lurking in Java’s standard library for decades. The award amount has a symbolic meaning within the hacker community, where 1-3-3-7 (L-E-E-T) is shorthand for ‘elite’. The award was given as part of a Google program that recognizes and rewards security researchers’ often invisible and invaluable work, such as finding and reporting on critical programming errors.
Hans-Dieter Hiep, PhD researcher in CWI's Computer Security group, explains on what basis the reward for this so-called LinkedList bug was given. “In the past years, our research group has applied formal methods - rigorous mathematical and logical reasoning techniques - in verifying that actual real-world software, written in Java, is bug-free.”
The Java programming language runs on many millions of devices around the world every day, ranging from large mainframes and servers housed in data centers to tiny smart cards such as debit/credit cards and SIM cards. Java is used in Android mobile phones, but also in industrial control systems, enterprise resource planning software, big data cloud applications, governmental software used in hospitals and schools, the Dutch tax authority, election software and many other applications.
The researchers closed off the possibility of hackers making unsafe connections via a flawed 'linked list' data structure in Java.