ASC Finalists: CRS Performance by Vulnerability Class

To be among the top seven finalists for the AIxCC Semifinal Competition (ASC), teams must have found more than one vulnerability across more than one class* of vulnerability. Out of five challenge projects (Linux Kernel, Jenkins, Nginx, SQLite3, and Apache Tika), competitors’ systems discovered 22 unique synthetic vulnerabilities in the Challenge Projects, and of those, patched 15. Competitors’ systems identified 11 unique patches for C-based challenges and four unique patches for Java-based challenges. For more information on the solve status of the ASC, you may visit the Collective Health Solve dashboard: https://dashboard.aicyberchallenge.com/collectivesolvehealth.

*Each of the ASC challenge project vulnerabilities is associated with one or more vulnerability class based on MITRE’s Common Weakness Enumeration (CWE) list. This industry standard categorizes known software and hardware weaknesses and vulnerabilities, assigning each CWE a Weakness ID, referenced in the chart below. The seven finalists found and/or patched CPVs in vulnerability classes that are listed among the “CWE Top 25 Most Dangerous Software Weaknesses.” For more information, please visit the MITRE CWE website: https://cwe.mitre.org/.

Not Found Found Patched