Build-it, Break-it, Fix-it (BIBIFI) is a programming contest that aims to assess the ability to securely build software, not just break it. During the Build-it round, contestants implement software according to a provided specification with security goals. The software is scored for being correct, efficient, and featureful. The second round asks teams to find defects in other teams’ build-it submissions (Break-it) and patch the bugs and vulnerabilities found in their own code (Fix-it). In addition to being an excellent learning opportunity for participants, the BIBIFI contest produces data that provides insights into secure development practices and software quality.

BIBIFI has been used in classes at the University of Maryland, Universität Paderborn, University of Pennsylvania, Texas A&M University, and Carnegie Mellon University. The infrastructure code to run the contest is open source. If you are interested in running the contest, please reach out to us!

Publications related to this project: