The key driving force behind any capture-the-flag competition is the scoring algorithm; the Cyber Grand Challenge (CGC) was no different.

The scoring algorithm design for both the CGC Qualifier Event (CQE) and the CGC Final Event (CFE) focused heavily on encouraging development of automated reasoning about software and its inputs, discouraging collusion and cheating, and representing real-world constraints to ensure resulting solutions developed by CGC competitors were well-positioned for adoption outside the Cyber Grand Challenge competition.

In “House Rules: Designing the Scoring Algorithm for Cyber Grand Challenge,” which appears in the March/April 2018 issue of IEEE Security & Privacy, the authors describe design considerations for CQE and CFE scoring algorithms, how these algorithms intended to incentivize competitors to achieve these goals, and effects these decisions had on the resulting gameplay in CGC.