Cybershade Programming Challenge

This is a simple programming challenge / wargame for people interested.

Description

A few days ago I was thinking about a Cybershade programming challenge. It'd be a fun little competition within the Cybershade community, people could try new things, have some fun while doing it, etc.

Well today Prince and I (and DarkMantis and drsexbot) got into a little argument about the security of phpBB and IPB, which pretty much boiled down to the pros and cons of Open-Source software (phpBB) versus Closed-Source software (IPB). DarkMantis, in his genius, suggested we put it to the test by creating a competition.

Information

Team size will be based on interest. People will be able to choose a side unless spots fill up.

I'm guessing language will be PHP as that seems to be the best known around here.

The programming challenge is TBA, if you have suggestions, please post below.

Gameplay

1. Teams are decided, and users are split into the two teams.
2. The open-source team will create a public repository on a site like GitHub, Google Code, Mercurial, etc. They are allowed to ask anyone, including the community to help out with the code, but the majority of the code should be submitted by team members.
3. The closed-source team can manage their code however they see fit, however they cannot get outside help.
4. Teams will have a predetermined amount of time to work on their projects, before no more changes can be submitted.
Each team will setup a live version of their script, and the public team will hand over the public repository location.
5. Either teams will try to find vulnerabilities in the other's script, or a third team will be brought in to do so.

There will probably be some requirements for the scripts such as MySQL only, perhaps has to use some $_SYSTEM variables, etc. I really haven't got that far.

Rules are up for debate. Post your suggestions.

I think a third team, beacuse this way, it doesn't require both teams knowing everything about security.

True. My issue with this is that the third team could be said to be "biased" by either team, or have less expertise with blind than open, but of course either team could as well.

Yeah that's true actually.

Maybe we should have a basic list of vulnerabilities in which both teams should follow.

Then once they've checked them, they can go and try any other exploits which they see fit.

Sounds good. I'd like a 3rd party from neither of the teams to create the checklist though, and only distribute it once both teams have finished.

yeah that's cool. I agree with that.

I think that I want to be part of the Closed-Source team, but not 100% sure yet.

I would like to be part of the open-source team.

Actually after saying that I wanted to be part of the Closed-Source, I really don't care as I'm doing this for an experiment, it will be just as good to be part of either team IMO.

Who else is joining up for this?

I'd be up for it. Either side doesn't bother me

I think we should make this a real competition and have a prize for the team who wins it.

Not sure what the prize should be but it gives people more of an incentive.