The Cyber Grand Challenge final event was the first head-to-head competition among developers of some of the most sophisticated automated bug-hunting systems ever developed.
For almost 10 hours, competitors played the classic cyber security exercise of Capture the Flag in a specially created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software. The machines were challenged to find and patch within seconds—not the usual months—flawed code that was vulnerable to being hacked, and find their opponents’ weaknesses before the defending systems did. The entire event was visualized for attendees on giant monitors and livestreamed for remote viewers, with expert “sportscasters” documenting the historic competition.
The top-scoring machine was Mayhem, developed by team ForAllSecure of Pittsburgh. Second place was formally awarded to Xandra, a cyber reasoning system developed by TECHx of Ithaca, N.Y., and Charlottesville, Va. Third place was awarded to Mechanical Phish, developed by Shellphish of Santa Barbara, Calif.
At a ceremony held in the ballroom of the Paris Las Vegas Conference Center, DARPA Director Arati Prabhakar and CGC program manager Mike Walker congratulated the winners and thanked all of the seven competing finalist teams for helping DARPA achieve its goal of accelerating the development of advanced, autonomous systems that can detect, evaluate, and patch software vulnerabilities before adversaries have a chance to exploit them.
All teams received trophies for their efforts and the top three teams were awarded $2 million, $1 million, and $750,000, respectively. The other four contestants were:
- Rubeus, a system developed by Deep Red of Arlington, Va.
- Galactica, a system developed by CodeJitsu of Berkeley, Ca., Syracuse, N.Y., and Lausanne, Switzerland
- Jima, a system developed by CSDS of Moscow, Id.
- Crspy, a system developed by disekt of Athens, Ga.
More about the Cyber Grand Challenge
nine employees in Pittsburgh and the San Francisco Bay Area. ForAllSecure's technology is the result of more than a decade of program analysis research at Carnegie Mellon University.