GITHUB SECURITY LAB CTF: GO AND DON'T RETURN CONTEST

OFFICIAL RULES

1. SPONSOR

These Official Rules (“Rules”) govern the operation of the GitHub Security Lab CTF: Go and don't return Contest (“Contest”). Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052, USA, is the Contest sponsor (“Sponsor”).

1. DEFINITIONS

In these Rules, "Microsoft", "we", "our", and "us" refer to Sponsor and “you” and "yourself" refers to a Contest participant, or the parent/legal guardian of any Contest entrant who has not reached the age of majority to contractually obligate themselves in their legal place of residence. By entering you (your parent/legal guardian if you are not the age of majority in your legal place of residence) agree to be bound by these Rules.

1. ENTRY PERIOD

The Contest starts at 12:01 a.m. Pacific Time (PT) on March 5, 2021, and ends at 11:59 p.m. PT on March 31, 2021 (“Entry Period”).

1. ELIGIBILITY

To enter, you must be a professional or enthusiast in the field of IT research and development and be 16 years of age or older. If you are 16 years of age or older but have not reached the age of majority in your legal place of residence, then you must have consent of a parent/legal guardian.

Employees and directors of Microsoft Corporation and its subsidiaries, affiliates, advertising agencies, and Contest Parties are not eligible, nor are persons involved in the execution or administration of this promotion, or the family members of each above (parents, children, siblings, spouse/domestic partners, or individuals residing in the same household). Void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, and where prohibited.

1. HOW TO ENTER

To create an entry, visit https://securitylab.github.com/ctf/go-and-dont-return/ and follow the steps to install and set up CodeQL, download the Contest code database, and develop CodeQL queries to find the ‘flag’ in the Contest code (your “Entry”).

To submit an Entry, create and use a secret GitHub gist or a private GitHub repository. Submit a write-up of your answers for each step, in the gist or in the README.md of your repo, or in another file of your repo. These answers will consist of CodeQL queries, text answers, and other software code. Your main write-up file can be a plain text, markdown, html... as long as the code snippets are easily readable and meet requirements set forth in section 6: Eligible Entries below. You can either include all these answers directly within the main write-up (especially short answers or short code snippets), or you can create several individual files that you will reference in your main write-up. When you are ready to submit, just email ctf@github.com with the link to your gist or to your repo. If you are using a private repo, first invite the user securitylab-ctf as a collaborator.

You may enter as many times as you’d like but only your last and most recent submission will count as your official entry.

Any attempt by any of you to obtain more than the stated number of entries by using multiple/different accounts, email addresses, identities, registrations, logins, or any other methods will void your entries and you may be disqualified. Use of any automated system to participate is prohibited.

We are not responsible for excess, lost, late, or incomplete entries. If disputed, entries will be deemed submitted by the “authorized account holder” of the email address, social media account, or other method used to enter. The “authorized account holder” is the natural person assigned to an email address by an internet or online service provider, or other organization responsible for assigning email addresses.

1. ELIGIBLE ENTRY

To be eligible, an entry must meet the following content/technical requirements:

• Your entry must be your own original work; and
• Your entry cannot have been selected as a winner in any other contest; and
• You must have obtained any and all consents, approvals, or licenses required for you to submit your entry; and
• To the extent that entry requires the submission of user-generated content such as software, photos, videos, music, artwork, essays, etc., entrants warrant that their entry is their original work, has not been copied from others without permission or apparent rights, and does not violate the privacy, intellectual property rights, or other rights of any other person or entity. You may include Microsoft trademarks, logos, and designs, for which Microsoft grants you a limited license to use for the sole purposes of submitting an entry into this Contest; and

• Your entry may NOT contain, as determined by us in our sole and absolute discretion, any content that is obscene or offensive, violent, defamatory, disparaging or illegal, or that promotes alcohol, illegal drugs, tobacco or a particular political agenda, or that communicates messages that may reflect negatively on the goodwill of Microsoft.

• USE OF YOUR ENTRY

We are not claiming ownership rights to your Submission. However, by submitting an entry, you grant us an irrevocable, royalty-free, worldwide right and license to use, review, assess, test and otherwise analyze your entry and all its content in connection with this Contest and use your entry in any media whatsoever now known or later invented for any non-commercial or commercial purpose, including, but not limited to, the marketing, sale or promotion of Microsoft products or services, without further permission from you. You will not receive any compensation or credit for use of your entry, other than what is described in these Official Rules.

By entering you acknowledge that the we may have developed or commissioned materials similar or identical to your entry and you waive any claims resulting from any similarities to your entry. Further you understand that we will not restrict work assignments of representatives who have had access to your entry and you agree that use of information in our representatives’ unaided memories in the development or deployment of our products or services does not create liability for us under this agreement or copyright or trade secret law.

Your entry may be posted on a public website. We are not responsible for any unauthorized use of your entry by visitors to this website. We are not obligated to use your entry for any purpose, even if it has been selected as a winning entry.

1. WINNER SELECTION AND NOTIFICATION

Pending confirmation of eligibility, potential prize winners will be selected by Microsoft or their Agent or a qualified judging panel from among all eligible entries received based on the following judging criteria:

• 50% - Correctness - the number of Contest questions correctly answered in a Submission
• 25% - Code maturity - the style, readability and quality of the CodeQL queries in the Submission
• 25% - Originality

Winners will be selected from among all eligible entries received within 7 days following the Entry Period.

In the event of a tie between any eligible entries, an additional judge will break the tie based on the judging criteria described above. The decisions of the judges are final and binding. If we do not receive a sufficient number of entries meeting the entry requirements, we may, at our discretion, select fewer winners than the number of Contest Prizes described below. If public vote determines winners, it is prohibited for any person to obtain votes by any fraudulent or inappropriate means, including offering prizes or other inducements in exchange for votes, automated programs or fraudulent i.d’s. Microsoft will void any questionable votes.

Winners will be notified via the contact information provided during entry no more than 7 days following judging with prize claim instructions, including submission deadlines. If a selected winner cannot be contacted, is ineligible, fails to claim a prize or fails to return any forms, the selected winner will forfeit their prize and an alternate winner will be selected time allowing. If you are a potential winner and you are 16 or older, but have not reached the age of majority in your legal place of residence, we may require your parent/legal guardian to sign all required forms on your behalf. Only three alternate winners will be selected, after which unclaimed prizes will remain unawarded.

1. PRIZES

The following prizes will be awarded:

One (1) Grand Prize (s). Each winner will receive:

A 1-year subscription to Burp Suite Pro. Approximate Retail Value (ARV) $400.00.

Two (2) Second Prize (s). Each winner will receive:

A streaming equipment including a Blue Yeti X Microphone and a Logitech Brio 4K webcam. Approximate Retail Value (ARV) $350.00.

The ARV of electronic prizes is subject to price fluctuations in the consumer marketplace based on, among other things, any gap in time between the date the ARV is estimated for purposes of these Official Rules and the date the prize is awarded or redeemed. We will determine the value of the prize to be the fair market value at the time of prize award.

The total Approximate Retail Value (ARV) of all prizes: $1,100

We will only award one (1) prize(s) per person/company during the Entry Period. No more than the stated number of prizes will be awarded. No substitution, transfer, or assignment of prize permitted, except that Microsoft reserves the right to substitute a prize of equal or greater value in the event the offered prize is unavailable. Prizes are awarded “AS IS” with no warranty of any kind, either express or implied, including but not limited to, the implied warranties or merchantability, fitness for a particular purpose, or non-infringement. Prizes will be sent no later than 28 days after winner selection. Prize winners may be required to complete and return prize claim and / or tax forms (“Forms”) within the deadline stated in the winner notification. Taxes on the prize, if any, are the sole responsibility of the winner, who is advised to seek independent counsel regarding the tax implications of accepting a prize. By accepting a prize, you agree that Microsoft may use your entry, name, image and hometown online and in print, or in any other media, in connection with this Contest without payment or compensation to you, except where prohibited by law.

1. ODDS

The odds of winning are based on the number of eligible entries received.

1. GENERAL CONDITIONS AND RELEASE OF LIABILITY

To the extent allowed by law, by entering you agree to release and hold harmless Microsoft and its respective parents, partners, subsidiaries, affiliates, employees, and agents from any and all liability or any injury, loss, or damage of any kind arising in connection with this Contest or any prize won.

All local laws apply. The decisions of Microsoft are final and binding.

We reserve the right to cancel, change, or suspend this Contest for any reason, including cheating, technology failure, catastrophe, war, or any other unforeseen or unexpected event that affects the integrity of this Contest, whether human or mechanical. If the integrity of the Contest cannot be restored, we may select winners from among all eligible entries received before we had to cancel, change or suspend the Contest.

If you attempt or we have strong reason to believe that you have compromised the integrity or the legitimate operation of this Contest by cheating, hacking, creating a bot or other automated program, or by committing fraud in any way, we may seek damages from you to the full extent of the law and you may be banned from participation in future Microsoft promotions.

1. USE OF YOUR ENTRY

Personal data you provide while entering this Contest will be used by Microsoft and/or its agents and prize fulfillers acting on Microsoft’s behalf only for the administration and operation of this Contest and in accordance with the Microsoft Privacy Statement.

1. GOVERNING LAW

This Contest will be governed by the laws of the State of Washington, and you consent to the exclusive jurisdiction and venue of the courts of the State of Washington for any disputes arising out of this Contest.

1. WINNERS LIST

Send an email to ctf@github.com with the subject line “Security Lab CTF: Go and don't return Contest winners” within 30 days of March 31, 2021 to receive a list of winners that received a prize worth $25.00 or more.