Announcement
Anastasia Dyubaylo · Nov 1

InterSystems Security Contest

Security wanted!

Welcome to the next InterSystems online programming competition: 

🏆 InterSystems Security Contest 🏆

Duration: November 15 - December 05, 2021

Prizes: $9,450 in prizes!

<--break->

Prizes

1. Experts Nomination - a specially selected jury will determine winners:

🥇 1st place - $4,000 

🥈 2nd place - $2,000 

🥉 3rd place - $1,000

🌟 4-10th places - $100

2. Community winners - applications that will receive the most votes in total:

🥇 1st place - $1,000 

🥈 2nd place - $500 

🥉 3rd place - $250

If several participants score the same amount of votes, they all are considered winners, and the money prize is shared among the winners.  

Who can participate?

Any Developer Community member, except for InterSystems employees (ISC contractors allowed). Create an account!

👥 Developers can team up to create a collaborative application. Allowed from 2 to 5 developers in one team.

Do not forget to highlight your team members in the README of your application – DC user profiles.

Contest Period

🛠 November 15 - 28: Application development and registration phase.

✅ November 29 - December 05: Voting period.

Note: Developers can improve their apps throughout the entire registration and voting period.

The topic

In the security contest, we encourage developers to share the solutions that show how to perform security tasks related to InterSystems IRIS and InterSystems IRIS for Health. We invite you to contribute apps that will reveal tasks related to the Authentication, Authorization, Auditing and Encryption parts of the InterSystems Security Model.

Such tasks could be:

  • OAuth/OpenID/SAML/LDAP Authentication implementations.
  • PKI implementations
  • Access Management to certain parts of a REST API: application-level security, role/user-level security.
  • Access Management to data: on a database, table, column, or row-level access.
  • Access to interoperability components
  • Access to IRIS BI components: cubes, pivots, dashboards etc.
  • DevOps questions of authorization (users, roles, resources) and authentication (OAuth) settings.
  • Developer and support tools related to authentication and authorization.
  • Your idea!

Requirements:

  1. Accepted applications: new to Open Exchange apps or existing ones, but with a significant improvement. Our team will review all applications before approving them for the contest.
  2. The application should work either on IRIS Community Edition or IRIS for Health Community Edition or IRIS Advanced Analytics Community Edition.
  3. The application should be Open Source and published on GitHub.
  4. The README file to the application should be in English, contain the installation steps, and contain either the video demo or/and a description of how the application works.

Helpful resources 

1. For beginners with InterSystems IRIS:

2. For beginners with ObjectScript Package Manager (ZPM):

3. How to submit your app to the contest:

4. Documentation, courses, and videos:

5. Templates

Judgment

Voting rules will be announced soon. Stay tuned! 

So!

We're waiting for YOUR project – join our coding marathon to win! 


❗️ Please check out the Official Contest Terms here.❗️

100
3 1 19 771
Log in or sign up to continue

My suggestion is an implementation to pseudonymization or anonymization to protect sensitive data to not fall within the scope of the GDPR or LGPD(Brazilian version of GDPR) could fits to the security contest. I planning to do something like that if it fits

I like that idea, Henry. Either update real data to fake data or just create fake data for testing.

It is a contest about security not about privacy. In the rules, it is necessary use InterSystems Security Model.

Yuri, yes, data anonymization and obfuscation is not a part of the InterSystems Security model but it's an interesting topic related to secure IT practicies. And regarding privacy - I think it becomes privacy when you agree or disagree with the consent. So IMHO privacy begins when the solution is implemented which we don't expect to see in the contest :)

Consent in the privacy is a legacy resource, because all days we give consent without read the contract and conditions. Now, to reach privacy, you need to use the resource of transparency. When the user know what the data controller did with your data and it is allowed to the data holder manage data sharings, get reports and claim privacy rights using this transparency, you get the real privacy. Gdpr, lgpd is about it. Is not about cypher data or allows a consent opt in, but to give to the holder the power to manage all aspects about your data. So to expand the security contest with privacy, will require to you review all current rules. The risk to see apps using 95% from another technologies and 5% of iris it is real with this expansion. While when you has the requirement to use intersystems security model, we have more chance to see apps with intensive use of iris

Encryption is the part of InterSystems security model. I think the data anonymization task is close to data encryption, isn't it?

And privacy regulations can even deal with anonymized and unencrypted data. If @Henry Pereira removes GDPR or LGPD terms from the question (which are the potential implementation goals), will the case work as a security topic?

So our contest is not about privacy. But we can include encryption and data obfuscation/anonymization.

IRIS has encryptation already, but not anonymization. Is a valid security topic.

We expanded the topic for Auditing and Encryption too. So, @Henry Pereira, your idea meets the contest requirements - please apply for the contest!

@YURI MARX GOMES, thanks for your attention and useful comments as always! 

Henry, it's an interesting topic! If we don't see strong objections and concerns we'll expand the scope of the contest.

Thank you @YURI MARX GOMES and @Evgeny Shvarov for all enlightenment. I will follow the advice to remove GDPR and LGPD from the implementation goal and will focus on anonymization data, if it's included on scope.

Hey Developers!

Are you started creating your solutions? We are waiting to see them!

Don't forget, that the new InterSystems Security Contest is starting on Monday!

So, good luck to everybody!

Hello Developers!

The first week of the registration period has ended, so only one week left!

So, upload your applications and participate! 

Hi Community!

Only 2 days left before the start of voting.surprise

Hurry up to upload your application! wink