02 April 2020

How to win $30,000 while protecting America

Mark Kuhr

The Synack Team America Spring 2020 Federal Competition is on, and it’s not too late to join for a chance to win $30,000 on top of regular bounties and Mission payments. Here’s how it works, why you’ll want to join — and how you’ll be helping safeguard vulnerable U.S. targets in the process.

The contest:

In this challenge, Synack Red Team members earn points by rooting out vulns in a select group of Synack Federal Government targets. In addition to regular bounty and Mission payments, all work will earn points for the contest. The top point earner will win $30,000, second place will get $15,000 and third place takes home $10,000.

Points are awarded based on:

  • Severity of the accepted vulnerability
  • Number of vulns found (Researchers who power through and find multiple vulnerabilities will earn extra points.)
  • Number of Synack Missions completed (3rd Place does not have a minimum vuln requirement)
  • Bonus points on specific targets during a predetermined time period

We’re looking to reward deep recon, too, because time invested can yield more meaningful results. This isn’t just about spotting vulns, but also about accomplishing compliance security checks (Synack Missions).

Typically, our highest scoring vulnerabilities involve SQL Injection, Remote Code Execution, or an unforeseen flaw in Business Logic. But any vulnerability category can yield a high severity vulnerability in the right circumstances. SRT members will have access to Synack analytics to assist their hunting.

The contest ends June 4, 2020. Winners will be announced on social media June 8, 2020.

Why it matters:

Our customers always challenge us to find the most critical vulns (in the CVSS sense) so they can take action before the adversaries do. About 1 in 5 security vulnerabilities found by Synack are considered High or Critical (based on CVSS score): the ones that can make headlines. You can help us find even more. And this is a chance for some friendly competition with fellow SRT members (the bragging rights will be priceless).

The really big picture:

We’re reminded that the motto of the U.S. Navy’s submarine force, known as the “Silent Service,” is “Run silent, run deep.” Our Red Team lives by that motto, too, protecting with discretion and with patriotism that runs deep.

Who can enter:

This contest is limited to US SRT members (though it’s not too late to join and participate). Log in, pick a target, and make some money — it’s for the security of America, and the world.