The Cyber Security Challenge has launched a new competition to test the security credentials of software developers.
Created by QinetiQ and (ISC)², it is designed to find people in the UK to protect against Stuxnet style attacks in the future and is the first UK challenge focused on software security. The Cyber Security Challenge said that this will challenge competitors to defend against the kind of vulnerabilities that allow attacks on businesses and national infrastructure.
The competition opens for registration as of today and will begin on the 6th October. It is open to any software developers over the age of 16, including current professionals and students, with competitors needing to understand the fundamentals of programming in C/C++, Objective-C and Java. It is not open to people actively working in security or with recognised credentials in secure software development such as the CSSLP.
As well as challenging a contestant's knowledge of security requirements, it will test their instincts to anticipate and eliminate vulnerabilities as they develop their own software.
The best candidates will then be invited to QinetiQ next year for a hands-on experience of writing secure code to move physical devices and protect a top-secret facility from real life cyber attacks. Winners from this event will then be invited to attend the Masterclass Final and awards weekend next March.
Neil Cassidy, practice lead of cyber defence, security division at QinetiQ, said: “Cyber criminals are increasingly developing the capabilities to manipulate the software used to control key security systems. Attacks such as Stuxnet highlight the fundamental impact that these attacks can have on national infrastructure, from power stations to military installations.
“At QinetiQ's face-to-face stage of this competition, competitors will be responsible for securing the systems protecting a simulated top-secret facility. They must identify vulnerabilities in command software systems and work to anticipate security breaches to avoid attack. Through this challenge we aim to provide the software developers of the future with experience of what it takes to secure software systems and the impact any failures can have.”
The 2011 (ISC)² ‘s Global Information Security Workforce Study found that 73 per cent of information security professionals surveyed rated software vulnerabilities as the number one online threat.
John Colley, managing director of (ISC)² EMEA, said that it was participating to raise awareness amongst software and systems developers of the role they play in secure software development.
“Security instincts will be just as important as technical skills, as candidates prove they can effectively research and anticipate requirements for security at the same rapid rate at which software is developing,” he said.
“For too long, software that underpins business and much of our most vital critical national infrastructure has been written without appreciation for the need for security. Those with the right instincts have a significant opportunity to demonstrate new skills that are incredibly relevant today. We hope this competition will attract, identify and nurture new talented individuals to work in this field.”