I'm sad to announce that our hacking competition is over. However I'm really happy to say that the latest compojoomComment 4.1.7 couldn't be cracked :)
A little more than 20 people left some 300+ malicious comments on demo.compojoom.com . However only one could find something exploitable: that was Jeff Channell and he already got our main prize: 200€ and 1 year salvusalerting subscription.
Short facts:
Competition duration: 32 day
Participants: 23
Malicious comments: 344
Found vulnerabilities: 7
Fixed vulnerabilities: 7
Time from reported vulnerability to fix: less than 24h
I want to thank our sponsor Nils Ally and SalvusAlerting.com for making this possible and supporting open source software! And of course a big thank you to all participants - I hope you will try again next year :)