Built it, broke it, fixed it!

Final year undergraduate Thomas Kerber has come second in the international security programming contest, ‘Build it, Break it, Fix it.'

Thomas was awarded the $1500 prize in the open online competition and received a further$562 in one of the rounds.

The contest takes place over three consecutive weekends. During the Build It round, entrants write software to address a problem announced on the first day of the contest. To qualify, their software must pass a set of tests. Scores are based on its performance, and on how many optional features it implements.

In the Break It round, contestants find as many flaws as possible in the software submitted by other teams. During the Fix It round, participants try to fix those problems.

Thomas admits, “Having my code being actively broken by determined attackers was an exciting and somewhat terrifying experience, making it obvious just how easy it is for mistakes to slip in, even in the most controlled environment.”

Professor David Aspinall, who heads up our Security and Privacy Group, is very pleased by Thomas’s achievement:

“Thomas entered as 'fivedollarwrench' and won second place in the Build-It stage.  This is very impressive, the competition was difficult and it was a completely new type of programming contest.”

Build it, Break it, Fix it’ was designed by researchers from University of Maryland and Carnegie Mellon University to encourage students all over the world to develop secure and efficient programs.

Professor Aspinall says,

“To make future software more resilient against the kind of cyber attacks we've seen on Talk Talk, Tesco and with Internet-of-Things botnets, we need to make software better by employing secure programming methods as a standard part of software engineering."