Break it round
2014.01.16 21:34 EDT

Round two has started! Participants should have received an email with details. If you have not, let us know.

Problem updated
2014.01.11 19:31 EDT

The contest problem has been updated. An ambiguity in the syntax has been addressed at the end of Appendix A.

Build-it Tests
2014.01.11 18:57 EDT

The build-it tests have been uploaded for your reference. The build submission system and live scoreboard should be operational shortly.

Problem updated
2014.01.10 06:02 EDT

The contest problem has been updated. Specifically, a typo in Section 2.2.1 has been fixed, and Section 3.4 has been clarified.

2014.01.09 22:10 EDT

Scoring information can be found here.

Build it round
2014.01.09 16:09 EDT

The build it round has started! Click here to view the problem.

In order to submit your code for the contest, please make a (probably private) Github or Bitbucket repository, and share it with us. Our account is "bibifi" on both sites. Team leaders, please provide us with the SSH git url to your repository here.

Every push to your repository will be run against a suite of tests. These tests will be run on Ubuntu 13.04. Make sure all of your source files are in the directory "build" at the root of your repositoy. Invoking "make" in this directory should produce an executable "imgrun".

2014.01.02 06:02 EDT

In the pilot iteration of the contest, only students enrolled at the University of Maryland, College Park can participate. This includes undergraduate and graduate students.

2013.12.17 18:19 EDT

The contest will take place online so you can participate anywhere there is internet access.

2013.12.08 21:19 EDT

The two (builders and breakers) first place teams will receive the following prices! MC2 is sponsoring a $300 prize, and Cigital is giving away five of Gary McGraw's books! These prizes are fixed and independent of the winning team's size.

2013.12.01 17:12 EDT

Do you think that your programming language of choice gives your applications greater security?

Do you think that you can find lots of bugs in other people’s software?

The Maryland Cybersecurity Center is piloting a new security-oriented programming contest --- called build-it, break-it, fix-it --- and we're looking for undergraduate individuals or small teams (up to four) to participate. The contest will test programming skills for both secure construction and bug identification. The competition will take place over three weekends during winter break.

Here is how it works:

On the first weekend, each "build-it" team will write software that implements a problem specification for a program to create. You might be asked to create a DNS server, a Bit torrent tracker, or a data file parser for a format of our choice or specification. Your program may be written a language of your choice, however, it will be scored both by how well it performs in a battery of correctness tests and how fast it is against all other submissions. It is far more preferable to have a quick and correct program than a slow and correct program! Do you think you can do it?

In the second weekend, each "break-it" team will find bugs in the submitted software. They will be given access to every submission, including its source code. The goal is then to find as many bugs as you can --- ideally, bugs with security implications. Break-it teams receive points for every unique bug you find, while build-it teams lose points for bugs found in their software.

In the third weekend, break-it teams will be able to fix reported bugs in their submissions. They'll receive points back for fixing bugs.

You can participate as either a build-it team, a break-it team, or both.

In the end, we'll announce two winners - the best build-it team and the best break-it team. The first is the team that created the optimal software (fewest bugs and best performance), and the second is the team that found the most bugs in other teams' software.

Prizes from corporate sponsors are in the works. At the moment, Cigital has graciously agreed to provide copies of Gary McGraw's books on secure programming to the winners. The web site will have the most up-to-date information.

The contest pilot will start on 1/9/14. Let's write some secure code!

2013.11.22 14:19 EDT

We would like to thank our corporate sponsors for their generous support.

Sign up!
2013.11.20 13:34 EDT

The Build it, Break it, Fix it security contest tests your ability to develop secure and fast programs. Prizes will be announced shortly. The contest will be held over three weekends this January.

In order to participate in the contest, you need to:

  1. Create an account.
  2. Create a team, or join a team (your team leader can invite you).
  3. If you are the team leader, sign your team up for the contest.


Build It Round

2014.01.09 21:00 EDT - 2014.01.12 21:00 EDT

Break It Round

1999.12.31 20:00 EDT - 2014.01.18 21:00 EDT

Fix It Round

1999.12.31 20:00 EDT - 2014.01.26 21:00 EDT