Winner selection

Upon successful demonstration of the exploit, the contestant will provide a fully functioning exploit plus a whitepaper explaining the vulnerabilities and exploitation techniques used in the attack. SSD will then determine whether the exploit meets the above rules. SSD may choose to accept the entry(ies) but offer a prize at a value less than the initial prize offering for a given category if it decides that part of the exploit chain fails to meet the above rules.

A short white paper including details about all of the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prizes.

Vulnerabilities and exploit techniques revealed by contest winners will be disclosed to the affected vendors and the exploits and whitepapers will be the property of SSD. The original finder of the vulnerability will receive credit (or remain anonymous if he wishes to) for the vulnerabilities, the whitepaper and the disclosure.

NOTE: SSD reserves the right to solely determine what constitutes a successful attack.

Comment on this FAQ

Your email address will not be published. Required fields are marked *