

Darpa Cyber Grand Challeng - galapago
http://www.darpa.mil/cybergrandchallenge

======
dguido
Forum is here:
[http://www.darpa.mil/cybergrandchallenge/](http://www.darpa.mil/cybergrandchallenge/)

Full BAA is here:
[https://www.fbo.gov/index?s=opportunity&mode=form&id=2d589ae...](https://www.fbo.gov/index?s=opportunity&mode=form&id=2d589aebab18340452de8e0607dc9ebc&tab=core&_cview=0)

Shorter Rules document (includes open track info):
[https://dtsn.darpa.mil/cybergrandchallenge/CyberGrandChallen...](https://dtsn.darpa.mil/cybergrandchallenge/CyberGrandChallenge_Rules.pdf)

There was a discussion about it on Reddit netsec a few days ago:
[http://www.reddit.com/r/netsec/comments/1ozoiy/darpas_cyber_...](http://www.reddit.com/r/netsec/comments/1ozoiy/darpas_cyber_grand_challenge_cyber_defense/)

Finally, the program manager running it, Mike Walker, is going to be giving
one of his first public talks about the Cyber Grand Challenge at THREADS in
NYC on Thursday, November 14th:
[http://threads.isis.poly.edu](http://threads.isis.poly.edu)

------
sailfast
Ironically, I received a certificate error when attempting to click on the
"Documents" tab. Aside from that, this sounds very interesting and they have a
good track record with challenges - I hope it goes well for them and might
check out participating on a team.

~~~
dm2
[http://telework.dcma.mil/installroot.cfm](http://telework.dcma.mil/installroot.cfm)

------
ajays
How's this for a non-Grand Challenge: make sure your SSL certificates are
valid?

~~~
wuji
It is valid for me. Perhaps you don't have the DOD CA installed in your
browser.

~~~
IceyEC
Firefox doesn't come with the DOD CA installed...

------
galapago
Rules and prices are available here:

[http://dtsn.darpa.mil/cybergrandchallenge/CyberGrandChalleng...](http://dtsn.darpa.mil/cybergrandchallenge/CyberGrandChallenge_Rules_v1.pdf)

------
impostervt
How could they not call this the Skynet challenge?

------
hawleyal
Bad SSL.

------
balabaster
I can't be the only one thinking this is a bad idea - not because of what the
site suggests their intended goal is, which at first glance is entirely
reasonable.

Once they've automated defense, how long until someone automates offense...
and then how long until everyone is caught in the middle of a cyber arms race?

If a computer system is designed to defend itself against attackers, where
does that path lead? Before this project, I've laughed off the Skynet
conspiracy theories, but given the recent revelations about the amount of
trust we can put in U.S. government agencies, and a project of this nature in
the hands of a U.S. military agency, this should be raising huge red flags in
people's minds.

~~~
dmix
Metasploit, DSploit, Shodan, etc - these are all automated attack systems
(vulnerability finders / exploiters).

