Skip to content

Challenge Submission Guidelines

Caleb Fenton edited this page Sep 15, 2015 · 4 revisions

Thank you for even considering submitting a challenge. Getting more people in on the action is a great way to add diversity. We look forward to learning from the challenges ourselves. In order to ensure consistency in the challenges, here are some simple guidelines to follow.

Bug Type

Ideally bugs should be related to common security issues. Don't let that stop you if you think you have a really good idea that's not related to security, though.

Size

It should be possible to understand the code in 5 - 60 minutes for an average programmer familiar with the language.

Difficulty

There's a range. For an easy challenge, it should take at least 10 - 20 minutes by someone who has an idea of what to look for. At the most difficult, the challenge should be solvable within 3 or 4 hours by an experienced programmer.

Language

Popular languages are preferable, but we can make exceptions to this if you think your idea is cool.

Requirements

  • Code must be MIT licensed, either include a LICENSE.md or the MIT license in the code.
  • Include the line number or contiguous block of line numbers that contain the bug
  • Include a README.md which describes how to build and run the app, if possible

How to Submit

E-mail the challenge to [email protected]. It can be a secret gist, compressed archive, pastebin link, steganographically encoded in an image, etc.

Rewards!

First, you get the warm, tingly feeling of having contributed to a fun challenge which has the goal of improving the skill of developers and thus the security of software in general.

When you submit, include your address and t-shirt size if you'd like a free t-shirt. Who doesn't love free t-shirts?

Also, let us know your GitHub and / or Twitter handle so we can give you credit. Since this is security, some of you are probably paranoid and want to remain anonymous. That's OK too. Just let us know.