In accordance with Article 435 of the Civil Code of the Russian Federation, these Terms of Use ("Agreement") constitute a public offer of Positive Technologies ("Company") for participation in contests, events, and competitions on the Standoff 365 Platform ("Standoff"). The Agreement is addressed to an unlimited number of persons on the terms and conditions set forth below. By using the standoff365.com website ("Platform"), the user unconditionally accepts the terms of this Agreement.
Subject of the Agreement
- The Company provides the Platform for use, including for participation in contests, events, and competitions organized on the Platform. The Agreement defines the general terms of use of the Platform. Special conditions for participation in Standoff and Bug Bounty are defined in the appendices to this Agreement.
- To participate in Standoff and Bug Bounty ("Events"), an individual ("User") must register on the Platform at the following address: auth.standoff365.com/en-US/account/registration.
- Without registration, the User has access to a limited number of the Platform pages.
- When registering, the User must provide complete and accurate information that does not violate the laws of the Russian Federation. The information to be provided is specified in the registration form.
- When registering, the User must provide his/her personal data. In this case, this data will be processed as part of the execution of this Agreement, to which the User is a party.
- By registering, the User unconditionally accepts the terms and conditions of this Agreement and the terms and conditions of the contest published at standoff365.com/en-US/regulation-on-contests.
- The Company has the right to refuse the User registration without giving reasons and without further notice of such refusal.
- After registration, the User can access all the functions of the Platform related to participation in the Events.
- When registering, the User fills in a special form on the Platform, indicating the following information:
- Username.
- Email address.
- Password containing uppercase Latin letters (A–Z), lowercase Latin letters (a–z), numbers (0–9), and special characters (,.<>/?;:'"[]{}|`~!@#$%^&*()-_+=). The password must be at least 10 characters long and contain at least one uppercase letter, one lowercase letter, one special character, and one number.
- The Company sends an email to the User's email address with a link to confirm the email address.
- After confirmation, the User receives a notification of successful completion of registration and gains access to his/her personal account on the Platform and the Platform functions.
- The User can manage his/her personal data in his/her personal account.
Prohibited actions
The following actions are not allowed to the User:
- Attempts to gain access to the personal information of other Platform users by any means, including but not limited to deception, abuse of trust, and hacking of the Platform.
- Actions, including technical ones, intended to disable the Platform.
- Use of any technical means for collecting and processing information on the Platform, including personal data of other users.
- Attempts to bypass technical restrictions.
- Copying, modifying, preparing derivative materials, decompiling, analyzing with a disassembler, attempting to crack the source code of the Platform, and any other modifications to the Platform.
- Any deception of the Platform users or representatives of the Company.
- Impersonating another person or its representative without proper authorization, including impersonating the Company or its employees, as well as using any other forms or methods of illegal impersonation of other individuals or legal entities.
- Using information about phone numbers, mailing addresses, and email addresses to send commercial or non-commercial messages (spam).
- Using the Platform content, including but not limited to text and images.
- Using the Company's trademarks. The Platform may also include third-party trademarks. These trademarks are placed on the Platform only for information, and the Company does not hold right to such trademarks. The use of such trademarks is also prohibited.
User requests
- The Company has the right to provide support and advice to the Platform users by email: org@standoff365.com.
- When submitting a request, the User must provide his/her contact information. Requests may include attachments.
- The requests are handled as follows:
- Within fifteen (15) business days of receiving the request, the Company will check the request for completeness of information.
- If the provided information is sufficient, the Company will send a reasoned response to the email address of the Platform User within fifty (50) business days after verification of the request.
- If the provided information is insufficient, the Company will request additional information by sending a letter to the email address of the Platform User. The User shall provide additional information within five (5) business days of the Company's request.
- If the User does not provide additional information and/or documents, the User's request is considered withdrawn.
Company rights
The Company has the right to do the following:
- Set any restrictions on the use of the Platform by the User.
- Collect any information to compile statistics on the use of the Platform.
- Perform planned technical works with suspension of Platform operation.
Personal data
- The Company processes personal data of the Platform users in accordance with the Agreement, including special conditions of participation specified in clause 1.1 of the Agreement and in compliance with the requirements of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006 ("Law on Personal Data"). We also take into account other personal data regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
- The procedure for processing personal data and ensuring its security is described in the Company's Privacy Notice.
- If the User processes personal data of third parties, the User is responsible for ensuring the protection of information in accordance with the Law on Personal Data, GDPR, CCPA, and other laws and regulations.
Limitation of liability
- The Company shall not be liable for:
- Any losses of the User
- Inaccessibility of the Platform for reasons beyond the Company's control
- Any actions or inactions of the service providers
- Functioning of third-party services, software, and equipment
- Damage to User's equipment, data storage devices, and software caused by the use of the Platform
- Liability of the Company may not exceed ten thousand (10,000) rubles.
- In case of any claims, demands, or lawsuits related to violation of rights of third parties due to violation of the Russian Federation legislation by the User, the User is obliged to take measures to settle relevant claims and compensate the Company for damages, if any.
Term of the Agreement
- This Agreement shall enter into force at the time of its adoption and shall remain in effect for a period of two months following the end of the last event specified in the Agreement.
- The Agreement can be terminated at the User's request sent to org@standoff365.com.
Dispute settlement
- All disputes arising between the Company and the User shall be resolved by means of responding to a claim within thirty (30) days of its receipt.
- If the parties fail to come to a mutual agreement, the dispute may be settled by a court at the Company's location.
- The applicable law is the law of the Russian Federation.
- The Company has the right to participate in resolving disputes between the Platform users.
Final provisions
- The Company has the right to send documents, messages, notifications, requests, and other information related to the Event and/or necessary for participation in the Event to the User's email address.
- The Company has the right to amend or supplement this Agreement at any time without further notice to the User. The new version of the Agreement shall take effect upon publication at standoff365.com/en-US/terms-of-use.
- Issues not covered by this Agreement shall be settled according to the legislation of the Russian Federation.
- Should any provision of this Agreement be held invalid under the laws of the Russian Federation, all other provisions of this Agreement shall remain in force and the parties shall execute this Agreement without regard to such invalid provision.
Positive Technologies
Address: Preobrazhenskaya Square 8, Moscow, 107061, Russian Federation
Tel.: +7 495 744 01 44
Fax: +7 495 744 01 87
The Standoff cyber exercise ("Cyber Exercise") takes place several times a year and may be held as part of an information security conference. The Cyber Exercise is intended for IT security professionals who fit the participation requirements set forth by Positive Technologies ("Organizer"). The Cyber Exercise is held for the purpose of raising society's awareness of information security.
Participation in the Standoff Cyber Exercise means accepting its terms ("Terms").
Participants must be 18 years old or have reached the age of emancipation in the jurisdiction in which they are registering for the Cyber Exercise ("Participants").
Participation in the Cyber Exercise is free of charge; nevertheless, since the Cyber Exercise website is accessible via the internet only, each user will have to bear all access-related costs (including those needed for internet connection such as a computer or laptop and related accessories, a modem, and other tools).
Purpose of the Cyber Exercise
The Cyber Exercise will be held on the Standoff 365 Platform. The Platform enables the conduction of the Cyber Exercise to analyze attacks against the information infrastructure and applications and to play out incident response scenarios.
Several cyberrange segments are deployed on the Platform. Each of the segments is designed to re-create information systems and processes that are typical of enterprises from a particular industry (commercial firms, banks, telecom operators, and industrial facilities). Each industry can include one or more services responsible for regulating activity or providing security at a given organization. Such services might include a mail server, FTP server, client database, document management system, firewall, traffic light management system, and wind generators.
Participants are grouped into teams with a common goal. In Standoff, there are two types of teams: attackers and defenders. Teams will have to play through a full range of cybersecurity scenarios, simulate all test cycles, and in just a few days re-create events that may take years in real life. Standoff offers both attackers and defenders a unique chance to test their skills on digital copies of genuine IT infrastructure. These copies are supplied by real businesses wishing to put their security systems to the test.
Organizer
The Cyber Exercise is organized by Positive Technologies, a leading global provider of solutions in the field of information security, enterprise applications for vulnerability management, compliance with regulatory organizations, incident and threat analysis, and application protection. Legal address: Preobrazhenskaya Square 8, Moscow, Russian Federation.
Participation requirements
Only individuals who have applied to participate in the Cyber Exercise or were invited by the Organizer are able to participate.
Place and duration of the Cyber Exercise
The Cyber Exercise is held online. The Cyber Exercise can be followed at standoff365.com. Details will be fed to the Standoff 365 Platform and updated regularly.
Rules of the Cyber Exercise
-
Teams
In Standoff, there are two types of teams: attackers and defenders. Attackers seek to trigger critical events, such as by bringing SCADA systems to a halt or accessing confidential information. The objective of defenders is to quickly detect and investigate incidents.
Attackers connect via a VPN server using the credentials received from the Organizer during the preparation process.
The Cyber Exercise is time-limited. The remaining time is shown on the Standoff 365 Platform. Technical breaks will be provided.
Attackers
During the Cyber Exercise, attackers attempt to trigger critical events by accomplishing tasks proposed by the Organizer and receive points for doing so. Attackers may target only services located at addresses provided by the Organizer. Points will not be awarded for attacks on other addresses. Services located outside the infrastructure provided by the Organizer are not included in the scope of the cyberrange and Participants are prohibited from attacking them.
Warning. The Organizer can suspend the team from the Cyber Exercise for using service accounts or attempting to gain access to them. The list of service accounts will be published during the Cyber Exercise.
Warning. Attacks on addresses not on the provided list may result in removal of the team from the Cyber Exercise. Moreover, teams are prohibited from conducting DoS and DDoS attacks on the services and applications of the cyberrange infrastructure, including attacks at the network level. Teams performing such attacks may be removed from the Cyber Exercise.
Defenders
The primary objective of defenders is to detect and investigate incidents caused by attackers' actions. During the Cyber Exercise, defenders gain experience in sustaining infrastructure under hyper-realistic conditions.
The Cyber Exercise is time-limited. The remaining time is shown on the Standoff 365 Platform.
Defenders receive access to the cyberrange in advance (usually a month prior) and can become familiar with it. Each team is given configuration files, connection credentials, and other information needed to participate.
To become familiar with the infrastructure, the teams have access to a vulnerability scanner. The Organizer provides infrastructure credentials for performing inventory and scanning. Teams may use any other vulnerability scanners they prefer, but must install them themselves. After familiarization, teams shall provide the Organizer with a list of security tools they plan to use and indicate where they will be located. Generally speaking, teams are limited to three classes of security tools: next-generation firewall (NGFW), application firewalls (AF), and security information and event management (SIEM). Use of other tools is subject to prior approval from the Organizer.
-
Scoring and selection of winners
The Organizer evaluates the performance of the tasks at its own discretion. Attackers receive points for their activities. The actions of defender teams are scored using metrics.
Attackers can earn points by doing the following:
-
Completing tasks offered by the Organizer. Tasks can include obtaining confidential information, disabling one or more services, or changing information on a test website. A task is deemed completed if an answer to it has been accepted as correct. For an answer to be checked, the Participant must submit a report in a specific format (a report template is available on the page of the critical event).
Attackers earn points for each task they complete. The Organizer may also decide to award extra points or deduct penalty points. The first team to complete a task receives the maximum points. If two teams complete a task at the same time, the Organizer can award both teams the maximum points.
If an answer does not contain sufficient information about how the task was completed, the report is not accepted and no points are awarded. If this occurs, the Organizer shall post a comment in the personal account for the report in question. The report may be revised and re-submitted.
-
Finding vulnerabilities. For a vulnerability to be scored, it must be described in a report (any format is OK). The report must include an example of how the vulnerability can be exploited. Depending on the type of vulnerability detected, it may also be necessary to obtain a DBMS version, read a local file, send an arbitrary HTTP request, or display the output of the ipconfig/ifconfig, whoami, or id commands. Only certain classes of vulnerabilities are accepted (RCE, SQLi, Path Traversal, XXE, SSRF).
Attackers receive points for each vulnerability they find that is accepted by the Organizer.
The following metrics are used for each defender team:
-
Number of detected incidents. Defenders work to detect incident at the companies to which they have been assigned. During the Cyber Exercise, defenders may send reports on the incidents that they have detected (a template and sample report are available on the Standoff 365 Platform).
The Organizer evaluates the reports at its sole discretion. If a report does not contain sufficient information, the Organizer will not accept it and instead leave a comment on the Cyber Exercise portal. The report can be corrected and re-submitted.
The target history on the Standoff 365 Platform will be periodically updated to reflect the number of incidents detected by defenders. If a defender team fails to detect incidents that have been detected by the Organizer, the Organizer's information will be displayed.
-
Average attack investigation time. After the Organizer accepts a report about a critical event being triggered from an attacker team, the defenders are informed about the event that was triggered. The defender team must then investigate the critical event. A timer appears on the Cyber Exercise portal: it tracks the time spent on the investigation. The defender team should provide the Organizer with an event investigation report (a template and sample report are available on the Standoff 365 Platform).
The Organizer evaluates the reports at its sole discretion. If a report does not contain sufficient information about the attackers' actions, the report will not be accepted by the Organizer and will be marked as such with a comment on the Cyber Exercise portal. In response to the comment, the defenders may perform an additional investigation, revise the report, and re-submit it.
Once the Organizer has accepted an event investigation report from the defenders, the time it took to complete the investigation is recorded. Time taken by the Organizer to verify the report is not included.
Winner announcement and verification
During the Cyber Exercise, defenders gain experience in maintaining infrastructure under hyper-realistic conditions. Their results will be displayed on a scoreboard for information purposes only.
The winners will be selected from the attackers only. The winners will be announced on the Standoff 365 Platform within five working days of the completion of the Cyber Exercise. The Organizer may, at its discretion, verify a winner's compliance with the Terms. The Participants understand and acknowledge that even though their team may be announced as a winner, if any of them as an individual, or their team's compliance with this Agreement cannot be verified to the satisfaction of the Organizer, the Organizer will select an alternate winner.
Winner's identity
In case of controversies on the identity of the winner, the owner of the email address provided upon registration in the Cyber Exercise will be taken into account; in other words, the person to whom an email address has been attributed by a provider of online services or by any person responsible for the attribution of email addresses for the domain relating to the address provided, will be recognized as a winner. The Organizer reserves the right to ask the winner identified in this way to provide the relevant evidence of his/her being the owner of the email address associated with the winner.
Personal data
By participating in the Cyber Exercise, the Participants agree to provide their personal information to the Organizer in accordance with the Privacy Notice. If the Organizer is unable to collect necessary data, the Participant may be disqualified from the Cyber Exercise. All personal information gathered by the Organizer in the course of the Cyber Exercise will only be used for the Cyber Exercise (and related purposes outlined in this Agreement and in the Privacy Notice).
Limitation of liability
The Organizer will not be liable to any of the Participants for any direct, indirect, actual, or possible damages in connection with the Cyber Exercise or the Terms. Participants hereby release and agree to indemnify and hold harmless the Organizer and its employees, officers, affiliates, agents, partners, experts, as well as advertising and promotional agencies from any and all damages, injuries, claims, causes of actions, liability or losses of any kind (including actual legal fees and expenses), direct or indirect, absolute or contingent, arising from or related to: (a) a Participant's failure to comply with any of the Cyber Exercise rules; (b) provision of false information by a Participant; or (c) participation in the Cyber Exercise.
Internet
The Organizer shall not be liable for any of the following:
- Any electronic transmission errors resulting in omissions, interruptions, deletions, losses, or delays in transmission of data
- Any kind of technical dysfunction in the network, telephone system, electronic equipment, computer, hardware, or software resulting from theft, destruction of equipment, or unauthorized access to the Platform
- Technical problems, traffic congestion, or any combination of problems on the website resulting in inaccurate transmission of data or lack of access to the Platform
In the event that a computer virus, bug, tampering with data, unlawful intervention, foul play, technical malfunction, or other cause results in the Participant's inability to complete a task of the Cyber Exercise as planned, or if the security or fairness of the Cyber Exercise is threatened, the Organizer reserves the right to cancel, end, or change the Platform's functions, or suspend the Cyber Exercise.
Videotaping and still photography
By participating in the Cyber Exercise, the Participants agree to be photographed and videotaped by the Organizer or its contractors without receiving compensation of any kind. The Participants understand that the images and footage may be broadcast, displayed, reproduced, edited, exhibited, used, and distributed by either the Organizer over the internet or any other communication medium now existing or hereafter created, for promotional, revenue producing, or any other purpose as the Organizer determines in its sole and absolute discretion. This authorization explicitly includes the use of a Participant's name, likeness, or voice. The Participant may opt out of being photographed or videotaped by informing the Organizer upon check-in at the Cyber Exercise that he/she does not consent to be photographed or videotaped.
Code of conduct
When participating in the Cyber Exercise, harassment is prohibited. Harassment includes offensive verbal comments related to gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, nationality, religion, sexual images in public spaces, deliberate intimidation, stalking, following, photography or audio/video recording without reasonable consent, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.
Information about vulnerabilities embedded by the Organizer in the cyberrange is not confidential and Participants are free to disclose it. However, Participants may not disclose information about zero-day vulnerabilities and/or critical vulnerabilities that were not embedded by the Organizer.
Legislation
The Terms are prepared and construed in accordance with the laws of the Russian Federation.
Separability
If any part of the Terms is judged to be invalid or unenforceable by law, the remainder of the Terms shall continue to remain valid in its entirety.
- To participate in Bug Bounty ("Contest"), an individual ("User") must register on the Platform in the manner provided for in Section 2 of the Agreement.
- By registering, the User accepts the terms and conditions of the Agreement and the terms and conditions of the Contest published at standoff365.com/en-US/regulation-on-contests.
- After registration, the User gets access to his/her personal account on the Platform.
- The User sends a report on the completion of a task in accordance with the terms and conditions of the Contest via the personal account. When sending a report, the User must provide complete and accurate information that does not violate the laws of the Russian Federation. The information to be provided is specified in the report form.
- Additional information to be provided by the Contest winners in order to receive a prize:
- Full name
- Registration address
- Passport data: series, number, date of issue, subdivision code, and issuing authority
- Date and year of birth
- SNILS (individual insurance account number)
- INN (tax identification number)
- Bank details
- The User's personal data is processed as part of the User's participation in the Contest and the execution of this Agreement and the Contest regulations, to which the User is a party.
- The winners consent to the creation of their public profiles on the Platform containing the following information:
- Username
- First and last name
- Total points
- Number of submitted reports
- Maximum severity level of found vulnerabilities
The Standoff 365 cyber exercise ("Cyber Exercise") is a set of online activities for information security professionals. Participants must meet the requirements specified by Positive Technologies ("Organizer"). The Cyber Exercise is held for the purpose of raising society's awareness of information security. Participation in the Cyber Exercise means accepting the terms of the cyber exercise on the Standoff 365 Platform ("Terms").
Participation in the Cyber Exercise is free of charge; nevertheless, since the Cyber Exercise website is accessible via the internet only, each user will have to bear all access-related costs (including those needed for internet connection such as a computer or laptop and related accessories, a modem, and other tools).
Purpose of the Cyber Exercise
The Cyber Exercise will be held on the Standoff 365 Platform. The Cyber Exercise participants can analyze attacks against information infrastructure and applications.
Virtual cyberranges deployed on the Platform re-create information systems and processes that are typical of enterprises from a particular industry (for example, banks and electricity and IT companies). Each industry can include one or more services responsible for regulating activity or providing security at a given organization. Such services might include a mail server, FTP server, client database, document management system, firewall, traffic light management system, wind generators, electricity meters, and electrical substations.
The goal of the participants is to disrupt the functioning of the provided information systems by triggering critical events and exploiting vulnerabilities.
Organizer
The Cyber Exercise is organized by Positive Technologies, a leading global provider of solutions in the field of information security, enterprise applications for vulnerability management, compliance with regulatory organizations, incident and threat analysis, and application protection. Legal address: Preobrazhenskaya Square 8, Moscow, Russian Federation.
Participation requirements
Participants must be 18 years old or have reached the age of emancipation in the jurisdiction in which they are registering for the Cyber Exercise ("Participants"). To take part in the Cyber Exercise, the Participants must register at
standoff365.com.
Place and duration of the Cyber Exercise
The Cyber Exercise is held online 365 days a year, with the exception of technical breaks. Information about the Cyber Exercise is regularly updated on the Standoff 365 Platform.
Rules of the Cyber Exercise
-
General information
At the cyberrange, Participants simulate the actions of attackers targeting a company's information system. Attackers seek to trigger critical events by accomplishing tasks proposed by the Organizer, such as by spoofing ICS data or accessing confidential information. For doing so, they receive points. Attackers may target only services located at addresses provided by the Organizer. Points will not be awarded for attacks on other addresses. Services located outside the infrastructure provided by the Organizer are not included in the scope of the cyberrange and Participants are prohibited from attacking them.
Warning. The Organizer can suspend the Participant from the Cyber Exercise for using service accounts or attempting to gain access to them. The list of service accounts will be published during the Cyber Exercise.
Warning. Attacks on addresses not on the provided list may result in removal of the Participant from the Cyber Exercise. Moreover, the Participants are prohibited from conducting DoS and DDoS attacks on the services and applications of the cyberrange infrastructure, including attacks at the network level. Participants performing such attacks may be removed from the Cyber Exercise.
Participants connect via a VPN server using their personal accounts at standoff365.com. Technical breaks can be called during the Cyber Exercise.
-
Task scoring
Participants can earn points by doing the following:
-
Triggering critical events. Critical events can include stealing confidential information, disabling one or more services, or changing information on a test website. The conditions required for a critical event to be triggered are described in the task. An event is considered triggered if a Participant has submitted a report with the correct solution. The answer must contain a set of characters (flag) that the Participant is supposed to find in an information system. The flags are predefined by the Organizer.
Participants earn points for each task they complete. In addition, the Organizer may evaluate the Participant's work and award additional points.
If the report is not accepted by the system, the Participant must submit a new report (flag).
-
Finding vulnerabilities. For a vulnerability to be scored, it must be described in a report containing a set of characters (flag). The submitted flag must match the flag predefined by the Organizer. Participants can only report vulnerabilities of the following types: Remote Code Execution (RCE), SQL Injection (SQLi), Path Traversal, and Server-Side Request Forgery (SSRF).
For the number of points awarded for the triggering of critical events and the detection of vulnerabilities, see the Cyber Exercise portal
standoff365.com.
Announcement of results
Participants are ranked in descending order by number of points at
standoff365.com.
Personal data
By participating in the Cyber Exercise, the Participants agree to provide their personal information to the Organizer in accordance with the Privacy Notice. If the Organizer is unable to collect necessary data, the Participant may be disqualified from the Cyber Exercise. All personal information gathered by the Organizer in the course of the Cyber Exercise will only be used for the Cyber Exercise (and related purposes outlined in this Agreement and in the Privacy Notice).
Limitation of liability
The Organizer will not be liable to any of the Participants for any direct, indirect, actual, or possible damages in connection with the Cyber Exercise or the Terms. Participants hereby release and agree to indemnify and hold harmless the Organizer and its employees, officers, affiliates, agents, partners, experts, as well as advertising and promotional agencies from any and all damages, injuries, claims, causes of actions, liability or losses of any kind (including actual legal fees and expenses), direct or indirect, absolute or contingent, arising from or related to: (a) a Participant's failure to comply with any of the Cyber Exercise rules; (b) provision of false information by a Participant; or (c) participation in the Cyber Exercise.
Internet
The Organizer shall not be liable for any of the following:
- Any electronic transmission errors resulting in omissions, interruptions, deletions, losses, or delays in transmission of data
- Any kind of technical dysfunction in the network, telephone system, electronic equipment, computer, hardware, or software resulting from theft, destruction of equipment, or unauthorized access to the Platform
- Technical problems, traffic congestion, or any combination of problems on the website resulting in inaccurate transmission of data or lack of access to the Platform
In the event that a computer virus, bug, tampering with data, unlawful intervention, foul play, technical malfunction, or other cause results in the Participant's inability to complete a task of the Cyber Exercise as planned, or if the security or fairness of the Cyber Exercise is threatened, the Organizer reserves the right to cancel, end, or change the Platform's functions, or suspend the Cyber Exercise.
Code of conduct
When participating in the Cyber Exercise, harassment is prohibited. Harassment includes offensive verbal comments related to gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, nationality, religion, sexual images in public spaces, deliberate intimidation, stalking, following, photography or audio/video recording without reasonable consent, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.
Information about vulnerabilities embedded by the Organizer in the cyberrange is not confidential and Participants are free to disclose it. However, Participants may not disclose information about zero-day vulnerabilities and/or critical vulnerabilities that were not embedded by the Organizer.
Legislation
The Terms are prepared and construed in accordance with the laws of the Russian Federation.
Separability
If any part of the Terms is judged to be invalid or unenforceable by law, the remainder of the Terms shall continue to remain valid in its entirety.