Terms of Use of the Standoff 365 Platform

In accordance with Article 435 of the Civil Code of the Russian Federation, these Terms of Use (hereinafter the Agreement) constitute a public offer of Positive Technologies (hereinafter the Company) for participation in contests, events, and competitions on the Standoff 365 platform (hereinafter Standoff). The Agreement is addressed to an unlimited number of persons on the terms and conditions set forth below. By using the standoff365.com website (hereinafter the Platform), the user unconditionally accepts the terms of this Agreement.

Subject of the Agreement

  1. The Company provides the Platform for use, including for participation in contests, events, and competitions organized on the Platform. The Agreement defines the general terms of use of the Platform. Special conditions for participation in Standoff and Bug Bounty are defined in the appendices to this Agreement.

Registration on the Platform

  1. To participate in Standoff and Bug Bounty (hereinafter the Events), an individual (hereinafter the User) must register on the Platform at the following address: auth.standoff365.com/en-US/account/registration.
  2. Without registration, the User has access to a limited number of the Platform pages.
  3. When registering, the User must provide complete and accurate information that does not violate the laws of the Russian Federation. The information to be provided is specified in the registration form.
  4. When registering, the User must provide their personal data. In this case, this data will be processed as part of the execution of this Agreement, to which the User is a party.
  5. By registering, the User unconditionally accepts the terms and conditions of this Agreement and the terms and conditions of the contest published at standoff365.com/en-US/regulation-on-contests.
  6. The Company has the right to refuse the User registration without giving reasons and without further notice of such refusal.
  7. After registration, the User can access all the functions of the Platform related to participation in the Events.
  8. When registering, the User fills in a special form on the Platform, indicating the following information:
    • Username.
    • Email address.
    • Password containing uppercase Latin letters (A–Z), lowercase Latin letters (a–z), numbers (0–9), and special characters (,.<>/?;:'"[]{}|`~!@#$%^&*()-_+=). The password must be at least 10 characters long and contain at least one uppercase letter, one lowercase letter, one special character, and one number.
  9. The Company sends an email to the User's email address with a link to confirm the email address.
  10. After confirmation, the User receives a notification of successful completion of registration and gains access to his or her personal account on the Platform and the Platform functions.
  11. The User can manage their personal data in their personal account.

Prohibited actions

The following actions are not allowed to the User:

  1. Attempts to gain access to the personal information of other Platform users by any means, including but not limited to deception, abuse of trust, and hacking of the Platform.
  2. Actions, including technical ones, intended to disable the Platform.
  3. Use of any technical means for collecting and processing information on the Platform, including personal data of other users.
  4. Attempts to bypass technical restrictions.
  5. Copying, modifying, preparing derivative materials, decompiling, analyzing with a disassembler, attempting to crack the source code of the Platform, and any other modifications to the Platform.
  6. Any deception of the Platform users or representatives of the Company.
  7. Impersonating another person or its representative without proper authorization, including impersonating the Company or its employees, as well as using any other forms or methods of illegal impersonation of other individuals or legal entities.
  8. Using information about phone numbers, mailing addresses, and email addresses to send commercial or non-commercial messages (spam).
  9. Using the Platform content, including but not limited to text and images.
  10. Using the Company's trademarks. The Platform may also include third-party trademarks. These trademarks are placed on the Platform only for information, and the Company does not hold right to such trademarks. The use of such trademarks is also prohibited.

User requests

  1. The Company has the right to provide support and advice to the Platform users by email: org@standoff365.com.
  2. When submitting a request, the User must provide their contact information. Requests may include attachments.
  3. The requests are handled as follows:
    • Within fifteen (15) business days of receiving the request, the Company will check the request for completeness of information.
    • If the provided information is sufficient, the Company will send a reasoned response to the email address of the Platform User within fifty (50) business days after verification of the request.
    • If the provided information is insufficient, the Company will request additional information by sending a letter to the email address of the Platform User. The User shall provide additional information within five (5) business days of the Company's request.
    • If the User does not provide additional information and/or documents, the User's request is considered withdrawn.

Company rights

The company has the right to do the following:

  1. Set any restrictions on the use of the Platform by the User.
  2. Collect any information to compile statistics on the use of the Platform.
  3. Perform planned technical works with suspension of Platform operation.

Personal data

  1. The Company processes personal data of the Platform users in accordance with the Agreement, including special conditions of participation specified in clause 1.1 of the Agreement and in compliance with the requirements of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006 (hereinafter the Law on Personal Data). We also take into account other personal data regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
  2. The procedure for processing personal data and ensuring its security is described in the Company's Privacy Notice.
  3. If the User processes personal data of third parties, the User is responsible for ensuring the protection of information in accordance with the Law on Personal Data, GDPR, CCPA, and other laws and regulations.

Limitation of liability

  1. The Company shall not be liable for:
    • Any losses of the User
    • Inaccessibility of the Platform for reasons beyond the Company's control
    • Any actions or inactions of the service providers
    • Functioning of third-party services, software, and equipment
    • Damage to User's equipment, data storage devices, and software caused by the use of the Platform
  2. Liability of the Company may not exceed ten thousand (10,000) rubles.
  3. In case of any claims, demands, or lawsuits related to violation of rights of third parties due to violation of the Russian Federation legislation by the User, the User is obliged to take measures to settle relevant claims and compensate the Company for damages, if any.

Term of the Agreement

  1. This Agreement shall enter into force at the time of its adoption and shall remain in effect for a period of two months following the end of the last event specified in the Agreement.
  2. The Agreement can be terminated at the User's request sent to org@standoff365.com.

Dispute settlement

  1. All disputes arising between the Company and the User shall be resolved by means of responding to a claim within thirty (30) days of its receipt.
  2. If the parties fail to come to a mutual agreement, the dispute may be settled by a court at the Company's location.
  3. The applicable law is the law of the Russian Federation.
  4. The Company has the right to participate in resolving disputes between the Platform users.

Final provisions

  1. The Company has the right to send documents, messages, notifications, requests, and other information related to the Event and/or necessary for participation in the Event to the User's email address.
  2. The Company has the right to amend or supplement this Agreement at any time without further notice to the User. The new version of the Agreement shall take effect upon publication at standoff365.com/en-US/terms-of-use.
  3. Issues not covered by this Agreement shall be settled according to the legislation of the Russian Federation.
  4. Should any provision of this Agreement be held invalid under the laws of the Russian Federation, all other provisions of this Agreement shall remain in force and the parties shall execute this Agreement without regard to such invalid provision.

Company information

Positive Technologies
Address: Preobrazhenskaya Square 8, Moscow, 107061, Russian Federation
Tel.: +7 495 744 01 44
Fax: +7 495 744 01 87

Appendix No. 1 to the Terms of Use of the Standoff 365 platform. Terms of participation in the Standoff cyberexercise

Standoff (hereinafter the Cyberexercise, Standoff) is held at the Positive Hack Days conference and is intended for IT security professionals who fit the participation requirements set forth by Positive Technologies (hereinafter the Organizer). The Cyberexercise is held for the purpose of raising society's awareness of information security.

Participation in the Standoff Cyberexercise means accepting its terms (hereinafter the Terms).

Participants must be 18 years old or have reached the age of emancipation in the jurisdiction in which they are registering for the Cyberexercise (hereinafter the Participants).

Participation in the Cyberexercise is free of charge; nevertheless, since the Cyberexercise website is accessible via the Internet only, each user will have to bear all accession-related costs (including those concerning instruments required for Internet connection, such as the ownership of a computer, a modulator/demodulator, and any other spending required for Internet access).

Purpose of the Cyberexercise

The Cyberexercise will be held on the Standoff 365 platform. The Platform enables conducting the Cyberexercise to analyze attacks against the information infrastructure and applications and to play out incident response scenarios.

Several cyberrange segments are deployed on the Platform. Each of the segments is designed to re-create information systems and processes that are typical of enterprises from a particular industry (commercial firms, banks, telecom operators, and industrial facilities). Each industry can include one or more services responsible for regulating activity or providing security at a given organization. Such services might include a mail server, FTP server, client database, document management system, firewall, traffic light management system, and wind generators.

Participants are grouped into teams with a common goal. In Standoff, there are two types of teams: attackers and defenders. Teams will have to play through a full range of cybersecurity scenarios, simulate all test cycles, and in just a few days re-create events that may take years in real life. The Event offers both attackers and defenders a unique chance to test their skills on digital copies of genuine IT infrastructure. These copies are supplied by real businesses wishing to put their security systems to the test.

Organizer

The Event is organized by Positive Technologies, a leading global provider of solutions in the field of information security, enterprise applications for vulnerability management, compliance with regulatory organizations, incident and threat analysis, and application protection. Legal address: Preobrazhenskaya Square 8, Moscow, Russian Federation.

Participation requirements

Only individuals who have applied to participate in the Cyberexercise or were invited by the Organizer are able to participate.

Place and duration of the Cyberexercise

The Cyberexercise is held online. The Cyberexercise can be followed at standoff365.com. Details will be fed to the Standoff 365 platform and updated regularly.

Rules of the Cyberexercise

  1. Teams

    In Standoff, there are two types of teams: attackers and defenders. Attackers seek to trigger non-tolerable events, such as by bringing SCADA systems to a halt or accessing confidential information. The objective of defenders is to quickly detect and investigate incidents.

    Attackers connect via a VPN server using the credentials received from the Organizer during the preparation process.

    The exercise is time-limited. The remaining time is shown on the Standoff 365 platform. Technical breaks will be provided.

    Attackers

    During the Cyberexercise, attackers attempt to actuate non-tolerable events by accomplishing tasks proposed by the Organizer and receive points for doing so. Attackers may target only services located at addresses provided by the Organizer. Points will not be awarded for attacks on other addresses. Services located outside the infrastructure provided by the organizers are not included in the scope of the cyberrange and are prohibited for attacks.

    Warning. The Organizer can suspend the team from the Cyberexercise for using service accounts or attempting to gain access to them. The list of service accounts will be published during the event.

    Warning. Attacks on addresses not on the provided list may result in removal of the team from the exercise. Moreover, teams are prohibited from conducting DoS and DDoS attacks on the services and applications of the cyberrange infrastructure, including attacks at the network level. Teams performing such attacks may be removed from the exercise.

    Defenders

    The primary objective of defenders is to detect and investigate incidents caused by attackers' actions. During the exercise, defenders gain experience in sustaining infrastructure under hyper-realistic conditions.

    The exercise is time-limited. The remaining time is shown on the Standoff 365 platform.

    Defenders receive access to the cyberrange in advance (usually a month prior) and can become familiar with it. Each team is given configuration files, credentials for connecting, and other information needed to participate.

    To become familiar with the infrastructure, the teams have access to a vulnerability scanner. The Organizer provides infrastructure credentials for performing inventory and scanning. Teams may use any other vulnerability scanners they prefer, but must install them themselves. After familiarization, teams shall provide the Organizer with a list of security tools they plan to use and indicate where they will be located. Generally speaking, teams are limited to three classes of security tools: next-generation firewall (NGFW), application firewalls (AF), and security information and event management (SIEM). Use of other tools is subject to prior approval from the Organizer.

  2. Scoring and selection of winners

    The Organizer evaluates the performance of the tasks at its own discretion. Attackers receive points for their activities. The actions of defender teams are scored using metrics.

    Attackers can earn the points in the following ways:

    • Complete tasks offered by the Organizer. Tasks can include obtaining confidential information, disabling one or more services, or changing information on a test website. A task is deemed completed if an answer to it has been accepted as correct. For an answer to be checked, the participant must submit a report in a specific format (a report template is available on the page of the non-tolerable event).

      Attackers earn points for each task they complete. The Organizer may also decide to award extra points or deduct penalty points. The first team to complete a task receives the maximum points. If two teams complete a task at the same time, the organizers can award both teams the maximum points.

      If an answer does not contain sufficient information about how the task was completed, the report is not accepted and no points are awarded. If this occurs, the Organizer shall post a comment in the personal account for the report in question. The report may be revised and re-submitted.

    • Find vulnerabilities. For a vulnerability to be scored, it must be described in a report (any format is OK). The report must include an example of how a vulnerability can be exploited. Depending on the type of a vulnerability detected, it is also necessary to obtain a DBMS version, read a local file, send an arbitrary HTTP request, or display the output of the ipconfig/ifconfig, whoami, or id commands. Only certain classes of vulnerabilities are accepted (RCE, SQLi, Path Traversal, XXE, SSRF).

      Attackers receive points for each vulnerability they find that is accepted by the Organizer.

    The following metrics are used for each defender team:

    • Number of detected incidents. Defenders work to detect incident at the companies to which they have been assigned. During the exercise, defenders may send reports on the incidents that they have detected (a template and sample report are available on the Standoff 365 platform).

      The Organizer evaluates the reports at its sole discretion. If a report does not contain sufficient information, the Organizer will not accept it and instead leave a comment on the portal. The report can be corrected and re-submitted.

      The target history on the Standoff 365 platform will be periodically updated to reflect the number of incidents detected by defenders. If a defender team fails to detect incidents that have been detected by the Organizer, the Organizer's information will be displayed.

    • Average attack investigation time. After the Organizer accepts a report about an event being triggered from an attacker team, the defenders are informed about the non-tolerable event that was triggered. The defender team must then investigate the non-tolerable event. A timer appears on the Cyberexercise portal: it tracks the time spent on the investigation. The defender team should provide the Organizer with an event investigation report (a template and sample report are available on the Standoff 365 platform).

      The Organizer evaluates the reports at its sole discretion. If a report does not contain sufficient information about the attackers' actions, the report will not be accepted by the Organizer and will be marked as such with a comment on the Cyberexercise portal. In response to the comment, the defenders may perform an additional investigation, revise the report, and re-submit it.

      Once the Organizer has accepted an event investigation report from the defenders, the time it took to complete the investigation is recorded. Time taken by the Organizer to verify the report is not included.

Detailed information about the rules of the Cyberexercise is available at standoff365.com/downloads/standoff_rules_en.pdf.

Winner announcement and verification

During the Cyberexercise, defenders gain experience in sustaining infrastructure under hyper-realistic conditions. Their results will be displayed on a scoreboard for information purposes only.

The winners will be selected from the attackers only. The winners will be announced on the Standoff 365 platform within five working days after the completion of the Cyberexercise. The Organizer may, at its discretion, verify a winner's compliance with the Terms. The participants understand and acknowledge that even though their team may be announced as a winner, if any of them as an individual, or their team's compliance with this Agreement cannot be verified to the satisfaction of the Organizer, the Organizer will select an alternate winner.

Winner's identity

In case of controversies on the identity of the winner, the owner of the email address provided upon registration in the Cyberexercise will be taken into account; in other words, the person to whom an email address has been attributed by a provider of online services or by any person responsible for the attribution of email addresses for the domain relating to the address provided, will be recognized as a winner. The Organizer reserves the right to ask the winner identified in this way to provide the relevant evidence of his/her being the owner of the email address associated with the winner.

Personal data

By participating in the Cyberexercise, the Participants agree to provide their personal information to the Organizer in accordance with the Privacy Notice. If the Organizer is unable to collect necessary data, the Participant may be disqualified from the Cyberexercise. All personal information gathered by the Organizer in the course of the Cyberexercise will only be used for the Cyberexercise (and related purposes outlined in this Agreement and in the Privacy Notice).

Limitation of liability

The Organizer will not be liable to any of the Participants for any direct, indirect, actual, or possible damages in connection with the Cyberexercise or the Terms. Participants hereby release and agree to indemnify and hold harmless the Organizer and its employees, officers, affiliates, agents, partners, experts, as well as advertising and promotional agencies from any and all damages, injuries, claims, causes of actions, liability or losses of any kind (including actual legal fees and expenses), direct or indirect, absolute or contingent, arising from or related to: (a) a participant's failure to comply with any of the Cyberexercise rules (b) provision of false information by a participant; or (c) participation in the Cyberexercise.

Internet

The Organizer shall not be liable for any of the following:

  • Any electronic transmission errors resulting in omissions, interruptions, deletions, losses, or delays in transmission of data
  • Any kind of technical dysfunction in the network, telephone system, electronic equipment, computer, hardware, or software resulting from theft, destruction of equipment, or unauthorized access to the Platform
  • Technical problems, traffic congestion, or any combination of problems on the website resulting in inaccurate transmission of data or lack of access to the Platform

In the event that a computer virus, bug, tampering with data, unlawful intervention, foul play, technical malfunction, or other cause results in the Participant's inability to complete a task of the Cyberexercise as planned, or if the security or fairness of the Cyberexercise is threatened, the Organizer reserves the right to cancel, end, or change the Platform's functions, or suspend the Cyberexercise.

Videotaping and still photography

By participating in the Cyberexercise, the Participants agree to be photographed and videotaped by the Organizer or its contractors without receiving compensation of any kind. The participants understand that the images and footage may be broadcast, displayed, reproduced, edited, exhibited, used, and distributed by either the Organizer over the Internet or any other communication medium now existing or hereafter created, for promotional, revenue producing, or any other purpose as the Organizer determines in its sole and absolute discretion. This authorization explicitly includes the use of a participant's name, likeness, or voice. The participant may opt out of being photographed or videotaped by informing the Organizer upon check-in at the Cyberexercise that he/she does not consent to be photographed or videotaped.

Code of conduct

When participating in the Cyberexercise, harassment is prohibited. Harassment includes offensive verbal comments related to gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, nationality, religion, sexual images in public spaces, deliberate intimidation, stalking, following, photography or audio/video recording against reasonable consent, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.

Information about vulnerabilities embedded by the Organizer in the cyberrange is not confidential and Participants are free to disclose it. However, Participants may not disclose information about zero-day vulnerabilities and/or critical vulnerabilities that were not embedded by the Organizer.

Contacts

For any queries related to the Cyberexercise, please contact us at org@standoff365.com.

Legislation

The Terms are prepared and construed in accordance with the laws of the Russian Federation.

Separability

If any part of the Terms is judged to be invalid or unenforceable by law, the remainder of the Terms shall continue to remain valid in its entirety.

Appendix No. 2 to the Terms of Use of the Standoff 365 platform. Terms of use of the Platform when participating in Bug Bounty

  1. To participate in Bug Bounty (hereinafter the Contest), an individual (hereinafter the User) must register on the Platform in the manner provided for in Section 2 of the Agreement.
  2. By registering, the User accepts the terms and conditions of the Agreement and the terms and conditions of the Contest published at standoff365.com/en-US/regulation-on-contests.
  3. After registration, users get access to their personal accounts on the Platform.
  4. The User sends a report on the completion of a task in accordance with the terms and conditions of the Contest via the personal account. When sending a report, the User must provide complete and accurate information that does not violate the laws of the Russian Federation. The information to be provided is specified in the report form.
  5. Additional information to be provided by the Contest winners in order to receive a prize:
    • Full name
    • Registration address
    • Passport data: series, number, date of issue, subdivision code, who issuing authority
    • Date and year of birth
    • SNILS (individual insurance account number)
    • INN (tax identification number)
    • Bank details
  6. The User's personal data are processed as part of the User's participation in the Contest and the execution of this Agreement and the Contest regulations, to which the User is a party.
  7. The winners consent to the creation of their public profiles on the Platform containing the following information:
    • Username
    • First and last name
    • Total points
    • Number of submitted reports
    • Maximum severity level of found vulnerabilities

Appendix No. 3 to the Terms of Use of the Standoff 365 platform. Terms of participation in the Standoff 365 cyberexercise

The Standoff 365 cyberexercise (hereinafter the Cyberexercise) is a set of online events for information security professionals. Participants must meet the requirements specified by Positive Technologies (hereinafter the Organizer). The Cyberexercise is held for the purpose of raising society's awareness of information security. Participation in the Cyberexercise means accepting the terms of the cyberexercise on the Standoff 365 platform (hereinafter the Terms).

Participation in the Cyberexercise is free of charge; nevertheless, since the Cyberexercise website is accessible via the Internet only, each user will have to bear all accession-related costs (including those concerning Internet connection, such as the ownership of a computer, a modem, and any other required tool).

Purpose of the Cyberexercise

The Cyberexercise will be held on the Standoff 365 platform. The Cyberexercise Participants can analyze attacks against information infrastructure and applications.

Virtual cyberranges deployed on the Platform re-create information systems and processes that are typical of enterprises from a particular industry (for example, banks and electricity and IT companies). Each industry can include one or more services responsible for regulating activity or providing security at a given organization. Such services might include a mail server, FTP server, client database, document management system, firewall, traffic light management system, wind generators, electricity meters, and electrical substations.

The goal of the Participants is to disrupt the functioning of the provided information systems by triggering non-tolerable events and exploiting vulnerabilities.

Organizer

The Event is organized by Positive Technologies, a leading global provider of solutions in the field of information security, enterprise applications for vulnerability management, compliance with regulatory organizations, incident and threat analysis, and application protection. Legal address: Preobrazhenskaya Square 8, Moscow, Russian Federation.

Participation requirements

Participants must be 18 years old or have reached the age of emancipation in the jurisdiction in which they are registering for the Cyberexercise (hereinafter the Participants). To take part in the Cyberexercise, the Participants must register at standoff365.com.

Place and duration of the Cyberexercise

The Cyberexercise is held online 365 days a year, with the exception of technical breaks. Information about the Cyberexercise is regularly updated on the Standoff 365 platform.

Rules of the Cyberexercise

  1. General information

    At the cyberrange, Participants simulate the actions of attackers targeting a company's information system. Attackers seek to trigger non-tolerable events by accomplishing tasks proposed by the organizers, such as by spoofing ICS data or accessing confidential information. For doing so, they receive points. Attackers may target only services located at addresses provided by the Organizer. Points will not be awarded for attacks on other addresses. Services located outside the infrastructure provided by the organizers are not included in the scope of the cyberrange and participants are prohibited from attacking them.

    Warning. The Organizer can suspend the Participant from the Cyberexercise for using service accounts or attempting to gain access to them. The list of service accounts will be published during the event.

    Warning. Attacks on addresses not on the provided list may result in removal of the Participant from the Cyberexercise. Moreover, the Participants are prohibited from conducting DoS and DDoS attacks on the services and applications of the cyberrange infrastructure, including attacks at the network level. Participants performing such attacks may be removed from the Cyberexercise.

    Participants connect via a VPN server using their personal accounts at standoff365.com. Technical breaks can be called during the Cyberexercise.

  2. Task scoring

    Participants can earn points in the following ways:

    • By triggering non-tolerable events. Non-tolerable events can include stealing confidential information, disabling one or more services, or changing information on a test website. The conditions required for a non-tolerable event to be triggered are described in the task. An event is considered triggered if a participant has submitted a report with the correct solution. The answer must contain a set of characters (flag) that the participant is supposed to find in an information system. The flags are predefined by the Organizer.

      Participants earn points for each task they complete. In addition, the Organizer may evaluate the Participant's work and award additional points.

      If the report is not accepted by the system, the Participant must submit a new report (flag).

    • By finding vulnerabilities. For a vulnerability to be scored, it must be described in a report containing a set of characters (flag). The submitted flag must match the flag predefined by the Organizer. Participants can only report vulnerabilities of the following types: Remote Code Execution (RCE), SQL Injection (SQLi), Path Traversal, and Server-Side Request Forgery (SSRF).

For the number of points awarded for the actuation of non-tolerable events and the detection of vulnerabilities, see the game portal standoff365.com.

Announcement of results

Participants are ranked in descending order by number of points at standoff365.com.

Personal data

By participating in the Cyberexercise, the Participants agree to provide their personal information to the Organizer in accordance with the Privacy Notice. If the Organizer is unable to collect necessary data, the Participant may be disqualified from the Cyberexercise. All personal information gathered by the Organizer in the course of the Cyberexercise will only be used for the Cyberexercise (and related purposes outlined in this Agreement and in the Privacy Notice).

Limitation of liability

The Organizer will not be liable to any of the Participants for any direct, indirect, actual, or possible damages in connection with the Cyberexercise or the Terms. Participants hereby release and agree to indemnify and hold harmless the Organizer and its employees, officers, affiliates, agents, partners, experts, as well as advertising and promotional agencies from any and all damages, injuries, claims, causes of actions, liability or losses of any kind (including actual legal fees and expenses), direct or indirect, absolute or contingent, arising from or related to: (a) a participant's failure to comply with any of the Cyberexercise rules (b) provision of false information by a participant; or (c) participation in the Cyberexercise.

Internet

The Organizer shall not be liable for any of the following:

  • Any electronic transmission errors resulting in omissions, interruptions, deletions, losses, or delays in transmission of data
  • Any kind of technical dysfunction in the network, telephone system, electronic equipment, computer, hardware, or software resulting from theft, destruction of equipment, or unauthorized access to the Platform
  • Technical problems, traffic congestion, or any combination of problems on the website resulting in inaccurate transmission of data or lack of access to the Platform

In the event that a computer virus, bug, tampering with data, unlawful intervention, foul play, technical malfunction, or other cause results in the Participant's inability to complete a task of the Cyberexercise as planned, or if the security or fairness of the Cyberexercise is threatened, the Organizer reserves the right to cancel, end, or change the Platform's functions, or suspend the Cyberexercise.

Code of conduct

When participating in the Cyberexercise, harassment is prohibited. Harassment includes offensive verbal comments related to gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, nationality, religion, sexual images in public spaces, deliberate intimidation, stalking, following, photography or audio/video recording against reasonable consent, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.

Information about vulnerabilities embedded by the Organizer in the cyberrange is not confidential and Participants are free to disclose it. However, Participants may not disclose information about zero-day vulnerabilities and/or critical vulnerabilities that were not embedded by the Organizer.

Contacts

For any queries related to the Cyberexercise, please contact us at org@standoff365.com.

Legislation

The Terms are prepared and construed in accordance with the laws of the Russian Federation.

Separability

If any part of the Terms is judged to be invalid or unenforceable by law, the remainder of the Terms shall continue to remain valid in its entirety.