Ribose Retrace Challenge 2017

The Retrace Challenge + Rewards

See submissions found on FreeBSD/NetBSD/DragonFlyBSD

retrace is a versatile security vulnerability and bug discovery tool that works by monitoring and modifying the behavior of compiled binaries on Linux, OpenBSD/FreeBSD/NetBSD (shared object) and macOS (dynamic library).

retrace can be used to assist reverse engineering / debugging dynamically-linked ELF (Linux/OpenBSD/FreeBSD/NetBSD) and Mach-O (macOS) binary executables.

Posted: 2017-08-09

We are happy to announce the Retrace Challenge!

The challenge is composed of three categories:

The goal of the challenge is to:

The main category is the “Bug Challenge”: to find bugs (any bug AND security vulnerabilities) in well-known software (OSS or proprietary) using retrace.

Important Information

Please understand that while we aim to fully implement the spirit of fairness, in the case of any unresolved ambiguity or dispute, the organizer has the sole right to make all decisions.

The Bug Challenge

The Bug Challenge encourages finding bugs (any bug AND security vulnerabilities) in well-known software (OSS / proprietary) using retrace.

Eligibility

Eligibility Of Bug Report

CVE CVSS Score And Using retrace

Bug Challenge Rewards

Challenge rewards are given according to the CVE CVSS score of the entry:

Among all submissions of the same class (e.g., Medium, High), the retrace team will decide which discovered bugs receive which prize, according to criteria derived from the following angles:

Submitting To The Bug Challenge

Send an email to retrace@ribose.com with subject “Retrace Bug Challenge Submission” providing the following information:

  1. Your particulars
    • Name (Title and Company if any)
    • Email
  2. Bug details
    • Description
    • CVE score
    • CVE link and bug report link
    • Evidence of bug report acknowledged and confirmed by software author
    • Evidence of fulfillment of challenge eligibility criteria (e.g., inclusion of retrace usage) in the bug report

The Improvement Challenge

The “improvement challenge” is to improve the actual retrace tool in the form of code.

The challenger should write code that improves retrace (library or CLI) to do something useful.

Eligibility

Improvement Challenge Rewards

Submitting To The Improvement Challenge

Submission is through GitHub Pull Requests to the retrace git repo (https://github.com/riboseinc/retrace).

I confirm that this submission does not infringe upon any intellectual property rights of any third party, and I have full rights to grant any rights and licenses of this work. I hereby assign the retrace project and its successors, a royalty-free, irrevocable, worldwide, non-exclusive, perpetual right and license to use, distribute, reproduce, modify and prepare derivative works of this submission, to perform and display publicly this submission, and to practice inventions in or associated with this submission, with (for each of the foregoing) full rights to authorize others to do the same.

The Usage Challenge

The “usage challenge” is to discover creative and interesting ways of using retrace in the form of code.

The challenger should write code that utilizes and incorporates retrace (lib or CLI) to do something useful AND interesting. The results will be incorporated in the /examples directory of the retrace repo for public usage, for the benefit of all.

Eligibility

Usage Challenge Rewards

Your submission will be judged on how useful it is to the retrace target audience. The term “useful” is defined by its common English definition, with any decisions solely decided by the organizer.

Submitting To The Usage Challenge

Submission is through GitHub Pull Requests to the retrace git repo.