45 Vulnerability Discoverability Timelines from the 2019 Collegiate Penetration Testing Competition

Description This is a collection of manually curated timelines from the 2019 Collegiate Penetration Testing Competition (CPTC). Collection and annotation are described in detail in this publication: Benjamin S. Meyers, Sultan Fahad Almassari, Brandon N. Keller, and Andrew Meneely. Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition. Forthcoming at Transactions on Software Engineering and Methodology. https://dl.acm.org/doi/10.1145/3514040 Included Files 2019_cptc_timelines.csv: Completed timelines for ten teams from the 2019 CPTC nationals competition. 2019_cptc_timeline_columns.csv: Descriptions of the columns in 2019_cptc_timelines.csv. 2019_cptc_vulnerabilities.csv: Brief vulnerability descriptions and CWE mappings. Other Resources Complete Splunk log data dumps are available here. These must be ingested and viewed with a Splunk instance. To request access to the CPTC team reports, please contact Brock Wagehoft (email). Contact Please contact Benjamin S. Meyers (email) with questions about this data and its collection. Acknowledgments Collection of this data has been sponsored in part by the National Science Foundation grant 1922169, and by a Department of Defense DARPA SBIR program (grant 140D63-19-C-0018).