Education Initiative Spotlight: Build it Break it

Build it Break it is a first-of-its-kind security challenge run by UMD

Build it Break it is a first-of-its-kind security challenge run by UMD

We’re proud to be a sponsor of the first Build it Break it programming contest, run by the University of Maryland (UMD) and supported by one of our own employees and PhD student at the university, Andrew Ruef. Build it Break it is a “flipped CTF” where contestants both implement secure software and identify vulnerabilities in the creations of others. Points are awarded for the secure construction of software and for identifying security flaws.

The build-it, break-it, fix-it contest was conceived as a way to acquire useful scientific evidence, while at the same time engaging the student population and the wider community in a mentality of building security in rather than adding it after the fact. – Michael Hicks

At Trail of Bits, we think Build It Break it is a necessary addition to the suite of available competitions in the security community. There are a wealth of opportunities for students to learn to break software (many of which we support), however, there are relatively few that challenge them to build it right. In this unique contest, there is something for both builders and breakers since it rewards both activities.

It also presents an opportunity for language evangelists to demonstrate the merits of their approach – if their language is “more secure” than others, it should come out on top in the contest and more implementations built with it will remain standing. Contestants can use any programming language or framework to write their software, so by observing the contest, the community gathers empirical evidence about the security or insecurity of available tools.

Any undergraduate or graduate student at a US-based university is eligible to compete for cash prizes in Build it Break it. Though, be warned that Trail of Bits engineers will be on hand to assist as a “break it” team. For more information about the motivations behind this contest, see this blog post and slide deck from Michael Hicks.

Trackbacks

  1. […] contrast with traditional security contests, Build-it, Break-it, Fix-it rewards secure software development under the same pressures that lead to bugs: tight deadlines, […]

  2. […] are proud of our roots in academia and research, and we believe it’s important to promote cyber security education for all students. We’ve been involved in CSAW since its inception. Dan and Yan competed as […]

  3. […] Sponsored Six Academic Events […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 5,754 other followers

%d bloggers like this: