Security Experts:

Google Announces CTF Competition

Google announced on Friday the dates and prizes for the company’s second annual capture the flag (CTF) competition.

The qualifying round, for which nearly 200 teams have already signed up, will take place on June 17 and 18. The top 10 teams will be invited to one of Google’s offices for the final round.

The prize pool for Google’s CTF is more than $31,000, which includes $13,337 for the first place prize, $7,331 for second place and $3,133.7 for third place. The tech giant will also cover travel costs for up to four members of each finalist team – up to $8,000 per team.

During the qualification round, participants can submit a summary of how they solved a particular challenge and these reports can also earn prizes. Google is prepared to award $100 for each of the 21 best submissions, and $500 for each of the 11 most creative solutions.

The top 10 teams will be announced on or around June 20 and the final is scheduled to take place sometime in October.

At last year’s event, 2,400 teams signed up and 900 of them completed at least one challenge.

According to Google, the goal of the event is to engage the broader security community and give security enthusiasts the chance to teach valuable lessons to both Google and the community.

“Upon observing how last year's competition engaged new players from all over the world, we want to continue to create a safe space for people to come and learn while trying to solve challenges and having fun,” said Josh Armour, Security Program Manager at Google. “Our internal security team employs several people who actively compete in CTF competitions in their spare time, so we value this activity and want to give back to and help grow our community.”

Google has been running several cybersecurity initiatives and by the end of 2016 it had paid out more than $9 million in bug bounties. The company recently announced the expansion of its Patch Rewards program to cover integration of fuzzing targets into its OSS-Fuzz service.

The tech giant also informed bug bounty hunters in March that certain types of flaws would earn them more money – up to $31,337 is now offered for remote code execution vulnerabilities and up to $13,337 for unrestricted file system or database access flaws.

However, not all of Google’s contests are a success. The company admitted in April that its Project Zero Prize competition, which offered $200,000 for critical Android vulnerabilities and exploit chains, had not received any valid bug reports.

Related: Google Offers $200,000 for TrustZone, Verified Boot Exploits

Related: Facebook Open Sources CTF Platform

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.