Software Defined Perimeter Hackathon Rules – CSA 2015

Cloud Security Alliance $10,000 Hackathon Official Rules and Regulations

This Hackathon is organized by the Cloud Security Alliance. The terms and conditions below provide the rules of operation of this Hackathon.

IMPORTANT: 1. THIS HACKATHON IS VOID WHERE PROHIBITED OR RESTRICTED BY LAW.

2. NO PURCHASE IS NECESSARY TO ENTER OR WIN.
3. BY PARTICIPATING, YOU AGREE TO THESE OFFICIAL RULES AND REGULATIONS. IN PARTICULAR YOU AGREE THAT:
* IF YOU SHARE OR DISCLOSE AN IDEA, SUGGESTION, OR CONCEPT, OTHERS MAY USE SUCH IDEA, SUGGESTION OR CONCEPT AND INCORPORATE IT INTO AN APPLICATION ON WHICH THEY WORK NOW OR IN THE FUTURE, WITHOUT THE PAYMENT OF ANY FEE OR ROYALTY.
* YOU WAVE ANY RIGHTS, CLAIMS, AND LAWSUITS THAT YOU MAY HAVE AGAINST THE EVENT SPONSORS (INCLUDING, THEIR AGENTS, CO-SPONSORS, AND VENDORS) AND ANYONE PARTICIPATING IN THIS HACKATHON.
* THE EVENT SPONSORS (INCLUDING, THEIR AGENTS, CO-SPONSORS, AND VENDORS) AND ANYONE PARTICIPATING IN THIS HACKATHON MAY USE OR INCORPORATE INTO AN APPLICATION OR ANOTHER OTHER PRODUCT OR SERVICE, ANY IDEA, SUGGESTION, OR CONCEPT THAT YOU DISCLOSE DURING THIS HACKATHON.
* YOU REPRESENT AND WARRANT THAT YOU HAVE SUFFICIENT RIGHT TO SHARE AND/OR DISCLOSE ANY SUCH IDEAS, SUGGESTIONS, OR CONCEPTS DURING OR IN CONNECTION WITH THIS HACKATHON. 4. THIS HACKATHON IS GOVERNED BY THESE OFFICIAL RULES, THE LAWS OF THE STATE OF WASHINGTON, AND OTHER APPLICABLE LAWS OF THE UNITED STATES. IT IS ALSO GOVERNED BY ALL OTHER APPLICABLE FEDERAL, PROVINCIAL, MUNICIPAL AND LOCAL LAWS AND REGULATIONS. 5. BY PARTICIPATING, YOU AGREE TO BE BOUND BY THESE OFFICIAL RULES, AND ALL THE DECISIONS OF THE CLOUD SECURITY ALLIANCE REGARDING THE HACKATHON. ALL SUCH DECISIONS SHALL BE DEEMED FINAL AND BINDING IN ALL RESPECTS. 6. IF YOU CANNOT AGREE TO THESE CONDITIONS, YOU CANNOT PARTICIPATE IN THIS HACKATHON.

COMMON TERMS USED IN THESE RULES 7. These Official Rules and Regulations (“Official Rules”) govern the operation of the Cloud Security Alliance $10,000 Hackathon (“Hackathon”). 8. In these Official Rules, “we,” “our,” and “us” refer to the Cloud Security Alliance. 9. “Contestant,” “you” and “yourself” refer to an eligible participant in the Hackathon (as defined below).

OVERVIEW

  • The purpose of this Hackathon is to determine where the technique or technology known as “Software Defined Perimeter” can be used successfully to protect a server even if a hacker is provided, or has access to, the passwords required for accessing such server
  • The Hackathon will start on Aril 20, 2105 at Noon, Pacific Time, and will close on April 24 at 12:00pm (Noon) Pacific Time.
  • Contestants will be provided with the password to access the test site at 12:00pm (Noon) Pacific Time on April 20, 2015.
  • The information regarding the location of the test server, the password and other technical details regarding the Hackathon will be published on April 20, 2015 at 12:00pm (Noon), Pacific Time.
  • If a Contestant is able to access the test server, he/she will find information and a code (a set of numbers) to be used to notify the Cloud Security Alliance that he/she broke the Software Defined Perimeter. Submissions indicating that a Contestant has been able to access the test server (“Entries”) must be submitted before April 24, 2015 at 12:00pm (Noon) Pacific Time, using the method indicated in the test server.
  • Time is of the essence. The first Contestant who submits an Entry showing his ability to access the test server will be deemed the winner of the Prize.
  • Contestants must be older than 18 and have reached the legal age of majority in the country or state in which they reside.

START AND END DATES AND TIMES 10. The Hackathon will begins at 12:00pm (Noon) PDT on April 20, 2015 and will end at 12:00pm (Noon) Pacific Time on April 24, 2015. 11. Any Entry showing that the Contestant was able to access the test server must be submitted before April 24, 2015, at 12:00pm (Noon) Pacific Time. 12. Time is of the essence. The first Contestant who submits an Entry showing his ability to access the test server will be deemed the winner of the Prize. 13. No Entry will be accepted after 12:00pm (Noon) on April 25, 2015. 14. Late Entries will be disqualified.

WHO MAY ENTER THE HACKATHON 15. In order to be eligible to be a Contestant, an individual must meet all of the following requirements:

  • The individual must be at least 18 years old and the age of majority in his/her jurisdiction of residence:
  • The individual must not be a resident, citizen or national of any state, nation, province, territory, or other legal subdivision where this Hackathon is or might be void or restricted by law including, by way of example, (a) Arizona, Iowa, Louisiana, North Dakota, and Vermont; (b) Province of Quebec, Canada; (c) Cuba, Iran, Syria, North Korea, Sudan, and Myanmar.
  • The individual must not be an employee or contractor or a member of the Board of Directors of the Cloud Security Alliance as of April 19, 2015, or at any time during the Hackathon; nor an immediate family member (parent, sibling, spouse, child) or household member of any employee, contractor, or member of the Board of Directors of the Cloud Security Alliance.
  • The individual and no one in the immediate family (parent, sibling, spouse, child) or household of that individual may be, or have been, involved in any part of the creation, promotion, execution or administration of this Hackathon. 16. If a Contestant is an employee of a corporation, government or an academic institution, or is enrolled as a student or representing his or her employer, government, or academic institution in this Hackathon, the Contestant is solely responsible for reviewing, understanding and abiding by his or her employer, government, or academic institution’s policies regarding eligibility to participate in the Hackathon. 17. Any Contestant who is found to be in violation of his or her school, government or employer’s policies will be disqualified from participating in the Hackathon. 18. The Cloud Security Alliance disclaims all liability or responsibility for disputes related to the Hackathon arising between a Contestant and his/her employer, government or academic institution.

HOW TO ENTER 19. Contestants will be provided with the necessary information regarding the location of the test server and its password through a notice that will be posted on the website of the Cloud Security Alliance at

hacksdp.com. 20. If a Contestant is able to access the test server, he/she will find information and a code (a set of numbers) to be used to notify the Cloud Security Alliance that he/she broke the Software Defined Perimeter. 21. Submissions indicating that a Contestant has been able to access the test server (“Entries”) must be submitted before April 24, 2015 at 12:00pm (Noon) Pacific Time, using the method indicated in the test server. 22. An Entry will be deemed invalid if the Contestant has not provided his/her true and current legal name, email address, and telephone number. 23. Contestant information submitted to us will be collected in accordance with our Privacy Policy, which can be found at https://cloudsecurityalliance.org/privacy.html.

WHAT AND HOW TO SUBMIT AN ENTRY 24. If a Contestant is able to access the test server, he/she will find information and a code (a set of numbers) to be used to notify the Cloud Security Alliance that he/she broke the Software Defined Perimeter. 25. Submissions indicating that a Contestant has been able to access the test server (“Entries”) must be submitted before April 24, 2015 at 12:00pm (Noon) Pacific Time, using the method indicated in the test server. 26. Time is of the essence. The first Contestant who submits an Entry showing his ability to access the test server will be deemed the winner of the Prize. 27. A registration code will be required to submit an Entry. 28. Entries must consist of:

  • The set of numbers and letter that is provided in the test server
  • A description of the method used to access the server (not longer than maximum 1,000 words, submitted in English) 29. The method used to access the test server may not rely on any third-party proprietary code for which the Contestant does not have the appropriate license or permission to use. 30. It is permissible to use open-source tools. 31. The Contestant is responsible for ensuring that the method that used to access the test server does not infringe or violate any third-party intellectual property rights and other rights. 32. The method used to access the test server must:

  • Be repeatable;

  • Be functional and comply with these Official Rules 33. By submitting an Entry in this Hackathon, you represent that:

  • You and your Entry comply with these Official Rules;

  • Your Entry is your original work;
  • You have obtained any and all consents, approvals, or licenses required for you to use the technology or techniques that you use to access the test server;
  • Your Entry will not violate anyone else’s rights or the law.

PRIZE 34. The Contestant who (a) is able to access the test server; and (b) provides the string of letters and number that shows that he/she accessed the test server; and (c) it the first to complete such delivery of the string of letter and number before April 24, 2015, 12:00pm (Noon) Pacific Time to the Cloud Security Alliance, using the method and instructions outline in the test server behind the Software Defined Perimeter, and (c) to do so in accordance with these Official Rules will be awarded the sum of $10,000 payable in the form of a check from the Cloud Security Alliance. 35. If you are confirmed as a winner and you accept the prize:

  • You will provide Cloud Security Alliance with your legal name, address, and social security number/tax ID as well as other information requested for tax reporting purposes;
  • You will self-report to applicable taxing authorities, as may be required by applicable laws, and will be solely responsible for all applicable taxes and costs related to accepting and using the prize; and
  • You will participate in media interviews as requested by us.
  • You will retain the prize monies only in conformity with any applicable policies of his or her employer, academic institution, or government regarding participation in and receipt of promotional consideration relating to the Hackathon and receipt and retention of prize. If the policy of an employer, academic institution or government is applicable, the Contestant is solely responsible, in consultation with his or her employer, government, or academic institution, to determine how and if the prize will be retained and/or distributed and accounted for. The Cloud Security Alliance does not assume any responsibility regarding this issue.

NOTIFICATIONS 36. All notifications we attempt to make are subject to the following conditions:

  • We may notify you by sending a message to the email address and/or attempting to contact you at the telephone number provided at registration.
  • If the notification is returned undeliverable, or you are otherwise unreachable, we may disqualify you.
  • If there is a dispute as to the identity of a particular Contestant, we will consider the Contestant to be the authorized account holder of the e-mail provided at time of sign up.
  • If a dispute as to the identity of a particular Contestant continues, we reserve the right to make a final determination as to the identity of a Contestant.
  • If you are selected as a potential winner, we may require you to sign an Affidavit of Eligibility, Liability and Publicity Release and W-9 tax form (for U.S. residents) or W-8BEN tax form (for non-U.S. residents).
  • If you do not complete and return the required forms as instructed and within the times indicated in the notification, we may disqualify you. 37. The name of the winner, if any, of this Hackathon will be published on or before May 1, 2015, 12:00pm (Noon) Pacific Time on the Cloud Security Alliance website at www.cloudsecurityalliance.org.

WINNING ENTRY 38. Other than what is set forth in these Official Rules, the Cloud Security Alliance is not claiming any rights to own or use an Entry. 39. By submitting your Entry, you agree to:

  • To grant the Cloud Security Alliance an irrevocable, royalty-free, worldwide right and license to: (i) use, review, assess, test, and analyze your Entry and all its content in connection with this Hackathon; and (ii) feature your Entry and all its content in connection with the marketing or promotion of this Hackathon and of the Cloud Security Alliance (including but not limited to internal and external presentations and press releases) in all media now known or later developed;
  • To sign any necessary documentation that may be required for us and our designees to exercise the rights so granted;
  • To assist us and our representatives in the creation of white papers detailing your Entry. Upon your approval of such white papers, you give us permission to display such white papers on our websites and in other marketing materials, such as printed materials, online articles, video, audio, and other digital recordings;
  • That you will not receive any compensation or credit from us for use of your Entry, other than what is described in these Official Rules.

OTHER CONDITIONS 40. By entering this Hackathon you agree to the following:

  • To abide by the Official Rules;
  • To release and hold harmless the Cloud Security Alliance, and its respective subsidiaries, affiliates, employees and agents from any and all liability or any injury, loss or damage of any kind arising from or in connection with this Hackathon and its promotion, or any prize won;
  • That the decisions of the Cloud Security Alliance will be final and binding on all matters related to this Hackathon;
  • The Cloud Security Alliance may modify these Official Rules at its sole discretion.
  • If you accept the prize, the Cloud Security Alliance may use your proper name and state, country, and/or region of residence, image, employment information, online and in print, or in any other media (now available or later developed), in connection with this Hackathon, without payment or compensation to you, except where prohibited by law;
  • To contact us before promoting or publicizing your winning the Hackathon; and
  • To not use or display any the Cloud Security Alliance trademark (including any logo or brand) without our prior-written permission;
  • The Cloud Security Alliance may contract third party vendors to assist and provide services related to the operation of this Hackathon.

DISPUTES 41. Any disputes, claims, and causes of action arising out of or connected with the Hackathon, or any benefits received, or the administration of the Hackathon not resolved through internal adjudication shall be resolved individually, without resort to any form of class action, and exclusively by arbitration, and shall take place in the State of California pursuant to the Rules of the American Arbitration Association, then effective. 42. All claims, judgments and awards shall be limited to actual out-of-pocket costs incurred in participating in the Hackathon and in no event shall the parties be entitled to receive attorneys’ fees or other legal costs; 43. The parties shall not be permitted to claim or obtain awards for punitive, incidental and consequential damages and any other damages, other than for actual out-of-pocket expenses. LIMITATION OF WARRANTIES, DISCLAIMERS OF LIABILITY 44. THE CLOUD SECURITY ALLIANCE, ITS SUBSIDIARIES, AFFILIATED COMPANIES, SPONSORS, PARTNERS, CORPORATE MEMBERS, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, REPRESENTATIVES AND AGENTS (COLLECTIVELY, THE “RELEASED PARTIES”) EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES OR CONDITIONS OF ANY KIND (WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE), INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. 45. THE RELEASED PARTIES WILL, UNDER NO CIRCUMSTANCES, BE HELD RESPONSIBLE OR LIABLE FOR THEIR OR A CONTESTANT’S USE OF THE INFORMATION PROVIDED AND/OR MADE AVAILABLE THROUGH THE HACKATHON OR FOR ERRORS OR ANOMALIES RESULTING IN THE UNINTENDED OR ERRONEOUS PARTICIPATION, AWARD OF HACKATHON PRIZE OR OTHER BENEFITS UNDER THE HACKATHON TO CONTESTANTS. 46. THE RELEASED PARTIES OFFER NO ASSURANCES, GUARANTEES OR WARRANTIES OR CONDITIONS THAT THE HACKATHON WILL BE UNINTERRUPTED OR ERROR-FREE AND DO NOT GUARANTEE THE ACCURACY OR RELIABILITY OF ANY INFORMATION PROVIDED OR OBTAINED THROUGH THE HACKATHON. 47. THE RELEASED PARTIES ASSUME NO RESPONSIBILITY FOR ANY COMPUTER-RELATED DAMAGES DUE TO DOWNLOADING MATERIALS, FOR DAMAGES OF ANY KIND RELATED TO AN CONTESTANT’S PARTICIPATION OR INABILITY TO PARTICIPATE IN THE HACKATHON, WHETHER THE DAMAGES ARE DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL. 48. THE RELEASED PARTIES SHALL NOT BE LIABLE FOR, AND WILL BE HELD HARMLESS BY CONTESTANT AGAINST, ANY LIABILITY FOR ANY DAMAGE, INJURY OR LOSS TO PERSON (INCLUDING DEATH) OR PROPERTY DUE IN WHOLE OR IN PART, DIRECTLY OR INDIRECTLY, TO PARTICIPATION IN ANY HACKATHON-RELATED ACTIVITY. INDEMNIFICATION 49. You agree to defend, indemnify and hold harmless Released Parties from and against any liability, financial or other, for any claims, losses, damages or proceedings, including but not limited for death, and including reasonable attorneys’ fees, relating to any actions taken by you, including submission of applications, or anyone else using your email or password or purporting to act on your behalf in regard to the Hackathon (whether or not such use occurred with or without your permission).

UNEXPECTED EVENTS 50. If the fairness or integrity of this Hackathon is affected by an unexpected event, including, without limitation, a virus, bug, bot, a catastrophic event, or someone cheating or committing fraud, we reserve the right to cancel, change, or suspend this Hackathon, whether the event is due to human or technical error.

FRAUD AND OTHER ACTIVITIES 51. If any Contestant attempts to compromise the integrity or the legitimate operation of this Hackathon, or if we have reason to believe that the Contestant compromised the integrity or the legitimate operation of this Hackathon, such as by cheating, committing fraud, hacking, creating a bot or other automated program, the Cloud Security Alliance may seek damages from such Contestant, or disqualify or ban the Contestant from participating in any of its future Hackathons.

WHO IS SPONSORING THIS HACKATHON? 52. The Cloud Security Alliance is sponsoring and operating this Hackathon. Its address is: Cloud Security Alliance 2212 Queen Anne Avenue N Seattle, WA 98109 USA

www.cloudsecurityalliance.org