THE PWN2OWN™ CONTEST ("CONTEST") IS CONDUCTED SOLELY IN ACCORDANCE WITH AND SHALL BE CONSTRUED AND EVALUATED ACCORDING TO APPLICABLE LAW. THE CONTEST IS VOID IN WHOLE OR PART WHERE PROHIBITED BY LAW. ENTRY IN THIS CONTEST CONSTITUTES ACCEPTANCE OF THESE CONTEST RULES (THE "CONTEST RULES"). TREND MICRO INCORPORATED ("TREND MICRO") IS THE SPONSOR OF THIS CONTEST ("SPONSOR").
1. ELIGIBILITY.
Employees of Trend Micro Incorporated and Tesla Inc. and their respective affiliates, subsidiaries, related companies, advertising and promotional agencies, and the household members of any of the above are not eligible to participate in the Contest. This Contest is void where prohibited by law.
Contestants must be at the age of majority in their country, province or state of residence at the time of registration in order to participate and may not be a resident of any United States embargoed or sanctioned country or otherwise be listed on any United States denied or barred persons list. Any software or technology that attendees bring or cause to be transferred for purposes of the Contest to the country in which the Contest is held (“Contest Location”) may be subject to the export controls of attendee’s country of residence or travel origin or subject to the import and export requirements of the Contest Location. Attendees are responsible for compliance with any applicable import and export controls as a result of their attendance at the Contest.
Sponsor shall have the right at any time to require proof of identity and/or eligibility to participate in the Contest. Failure to provide such proof may result in disqualification. All personal and other information requested by and supplied to the Sponsor for the purpose of the Contest must be truthful, complete, accurate, and in no way misleading. The Sponsor reserves the right, in its sole discretion, to disqualify any contestant should such contestant at any stage supply untruthful, incomplete, inaccurate, or misleading personal details and/or information.
If you are a public sector employee, it is critical that you verify the ethics code, laws, and/or regulations that govern your ability to accept items of value from companies with whom you conduct business. Please obtain the necessary approval from your organization before participating in the Contest and/or accepting any item of value from Sponsor. In addition, public-sector employees, employees of K-12 public and private education institutions and all libraries, including public, private school, college or university, research, and private libraries can participate in the Contest only if you are doing so outside of your official status and not as part of your employment with those entities.
2. CONTEST PERIOD.
The Contest will be held March 20th – 22nd, 2024, during the CanSecWest 2024 Conference.
3. HOW TO ENTER.
This Contest is open to all registrants and non-registrants of the CanSecWest 2024 Conference, subject to the eligibility requirements herein. No purchase is required to participate in the Contest.
The contestant can register for the contest by contacting Sponsor via e-mail at pwn2own@trendmicro.com and indicating in which categories the contestant wishes to participate.
All contestants must sign up for a Zero Day Initiative™ ("ZDI") Researcher account in order to participate.
The contestant can register multiple entries for a given category but each entry must be for a different target in that category (See Section 4 below for categories, targets, and prizes). The contestant can only register once per target. Every entry must be a separate and unique exploit chain. Specific details about the targets (software, versions, configurations, chipsets, etc.) will be communicated to contestants during the registration process. If the contestant represents a company, they must identify which company they represent during the registration process. Each company is limited to one registration. Each contestant may only register once as either an individual, a team or company.
The Sponsor reserves the right to deny registration to entries that do not comply with the rules during the registration process. On-site contestant registration closes at 5:00 p.m. Pacific Time on March 14th, 2024. To complete on-site registration, you must complete the Registration Questionnaire form along with opening a placeholder case and complete a Case Entry form for each target you are registering against. Remote contestant registration closes at 5:00 p.m. Pacific Time on March 12th, 2024. To complete remote registration, you must complete the Registration Questionnaire form along with opening a placeholder case and complete a Case Entry form for each target you are registering against. In the placeholder cases, you must include your exploit along associated whitepaper and detailed setup instructions.
4. PRIZES.
Trend Micro is offering cash and prizes during the competition for vulnerabilities and exploitation techniques against the listed targets in the categories below. The first contestant to successfully compromise a target within the selected category will win the prize amount indicated for that specific target. All prizes are in US currency.
The contest has eight categories consisting of:
Each category has a set of targets that can be selected by the contestant during the registration process. All entries must compromise the target and demonstrate arbitrary code execution.
If the contestant's attempt is successful, it might be eligible for an Add-on Bonus. This Add-on Bonus results in additional monetary prizes and Master of Pwn points. The contestant must identify which Add-on Bonus they are attempting during the registration process. It is possible to remove the Add-on bonuses during the attempt as long as the attempt meets the requirements of the original category without the Add-ons. If the Add-on bonus is removed during the attempt, this will impact the potential Master of Pwn points award as defined in the Master of Pwn section below. The eligibility requirements for the various Add-on Bonuses are documented in each category below.
Virtualization Category
An attempt in this category must be launched from within the guest operating system and execute arbitrary code on the host operating system or in the hypervisor.
Targets:
|
Target |
Prize |
Master of Pwn Points |
Eligible for Add-on Prize |
|
Oracle VirtualBox |
$40,000 |
4 |
Yes |
|
VMware Workstation |
$80,000 |
8 |
Yes |
|
VMware ESXi |
$150,000 |
15 |
No |
|
Microsoft Hyper-V Client |
$250,000 |
25 |
Yes |
For Oracle VirtualBox, VMware Workstation, and Microsoft Hyper-V Client, the guest operating system will be running Microsoft Windows 11 23H2 x64 or Ubuntu 23.10 for Desktop and the host operating system will be running Microsoft Windows 11 23H2 x64. For VMware ESXi, the guest operating system will be running Microsoft Windows 11 23H2 x64 or Ubuntu 23.10 for Desktop. Certain optional components, such as RemoteFX, Legacy Network Adapter (Generation 1), and Fibre Channel Adapter, are not considered default and will be out of scope for the Microsoft Hyper-V Client target.
Available Add-on Prizes:
|
Add-on Prize |
Prize |
Master of Pwn Points |
|
Escalation of privilege leveraging a Windows kernel vulnerability on the host operating system. |
$50,000 |
5 |
To be eligible for this add-on prize, the kernel vulnerability used to escalate privilege on the host operating system must be different from any kernel vulnerability required to escape the virtualization target.
Web Browser Category
An attempt in this category must be launched from the target under test. For example, launching the target under test from the command line is not allowed. In this category, the Windows-based targets will be running in a VMware Workstation virtual machine.
Targets:
|
Target |
Escape Options |
Prize |
Master of Pwn Points |
Eligible for VMware Escape Add-on Prize |
Eligible for Double Tap Add-on Prize |
|
Google Chrome |
N/A – Renderer Only |
$60,000 |
6 |
No |
Yes |
|
Windows Kernel Escalation of Privilege |
$100,000 |
10 |
Yes |
Yes |
|
|
Sandbox Escape |
$150,000 |
15 |
Yes |
Yes |
|
|
Microsoft Edge (Chromium) |
N/A – Renderer Only |
$60,000 |
6 |
No |
Yes |
|
Windows Kernel Escalation of Privilege |
$100,000 |
10 |
Yes |
Yes |
|
|
Sandbox Escape |
$150,000 |
15 |
Yes |
Yes |
|
|
Apple Safari |
N/A – Renderer Only |
$60,000 |
6 |
No |
No |
|
Sandbox Escape or macOS Kernel Escalation of Privilege |
$100,000 |
10 |
No |
No |
|
|
Mozilla Firefox |
N/A – Renderer Only |
$50,000 |
5 |
No |
No |
|
Sandbox Escape or Windows Kernel Escalation of Privilege |
$100,000 |
10 |
Yes |
No |
Available Add-on Prizes:
|
Add-on Prize Type |
Add-on Prize |
Prize |
Master of Pwn Points |
|
VMware Escape Add-on |
Execute code on the host operating system by escaping the VMware Workstation virtual machine. |
$80,000 |
8 |
|
Double Tap Add-on |
Single entry must successfully gain arbitrary code execution on Google Chrome and Microsoft Edge (Chromium) |
$25,000 |
3 |
Contestants are only eligible to register once for the Double-Tap Add-on prize in the contest.
Enterprise Applications Category
An attempt in this category must be launched from the target under test. For example, launching the target under test from the command line is not allowed.
Targets:
|
Target |
Escape Option |
Prize |
Master of Pwn Points |
|
Adobe Reader |
Sandbox Escape or Kernel Escalation of Privilege |
$50,000 |
5 |
|
Microsoft Office 365 ProPlus (Word/Excel/PowerPoint/Outlook) |
N/A |
$100,000 |
10 |
The Office targets will be running Microsoft Office 365 ProPlus x64 (Monthly Channel). To download and configure this for your testing, please use the directions available on Microsoft’s web site. To verify you are on Monthly Channel, check under File->Account and you will see the channel configuration under the build number. A trial is available from https://products.office.com/en-us/try.
Microsoft Office-based targets will have Protected View enabled, where applicable. Adobe Reader will have Protected Mode enabled, where applicable. Contestants can elect to run their entry on either Microsoft Windows 11 23H2 or Apple macOS Sonoma. For Microsoft Outlook, maximum user interaction is opening or viewing an e-mail.
Server Category
An attempt in this category must be launched from the contestant’s laptop within the contest network.
Targets:
|
Target |
Prize |
Master of Pwn Points |
|
Microsoft Windows RDP/RDS |
$200,000 |
20 |
|
Microsoft Exchange |
$200,000 |
20 |
|
Microsoft SharePoint |
$100,000 |
10 |
Local Escalation of Privilege Category
An attempt in this category must be launched from within the target under test from a non-admin and non-root account. In this category, the entry must leverage a kernel vulnerability to escalate privileges.
Targets:
|
Target |
Prize |
Master of Pwn Points |
|
Ubuntu Desktop |
$20,000 |
2 |
|
Microsoft Windows 11 |
$30,000 |
3 |
|
Apple macOS |
$40,000 |
4 |
Enterprise Communication Category
An attempt must compromise the target application by communicating with the contestant. Example communication requests could be audio call, video conference, message, etc.
Targets:
|
Target |
Prize |
Master of Pwn Points |
|
Zoom |
$60,000 |
6 |
|
Microsoft Teams |
$60,000 |
6 |
|
Slack |
$25,000 |
2.5 |
Cloud/Container Category
An attempt against the containerd, Docker Desktop, and Firecracker targets must be launched from within the guest container/microVM and execute arbitrary code on the host operating system. An attempt against gRPC target must leverage a vulnerability in the gRPC code base to obtain arbitrary code execution.
Targets:
|
Target |
Prize |
Master of Pwn Points |
|
containerd |
$60,000 |
6 |
|
Docker Desktop |
$60,000 |
6 |
|
Firecracker |
$60,000 |
6 |
|
gRPC |
$30,000 |
3 |
Automotive Category
An attempt in this category must be launched against the target under test, a Tesla Model 3 (Ryzen-based), Tesla Model S (Ryzen-based) or equivalent bench top unit. A successful attempt against a given target must obtain remote code execution on the specified target through any vector or subsystems that are necessary to reach that specified target. Some targets will require you to exploit multiple subsystems to reach the selected target. The prize amount is based on where the final code execution occurs. The prize amounts are not cumulative.
Targets:
|
Target |
Option |
Prize Amount |
Master of Pwn Points |
Additional Option |
Eligibility |
|
Tuner |
N/A |
$30,000 |
3 |
Vehicle Prize |
No |
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
Infotainment |
Diagnostic/Tuner/Modem Ethernet |
$25,000 |
2.5 |
Vehicle Prize |
No |
|
Infotainment Root Persistence Add-on |
Yes |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
USB-based Attack |
$35,000 |
3.5 |
Vehicle Prize |
No |
|
|
Infotainment Root Persistence Add-on |
Yes |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
N/A |
$50,000 |
5 |
Vehicle Prize |
No |
|
|
Infotainment Root Persistence Add-on |
Yes |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
Sandbox Escape |
$100,000 |
10 |
Vehicle Prize |
No |
|
|
Infotainment Root Persistence Add-on |
Yes |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
Unconfined Root/Kernel Escalation of Privilege |
$150,000 |
15 |
Vehicle Prize |
No |
|
|
Infotainment Root Persistence Add-on |
Yes |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
Modem |
N/A |
$75,000 |
7.5 |
Vehicle Prize |
No |
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
Yes |
||||
|
Gateway (via Diagnostic/Infotainment Ethernet) |
N/A |
$100,000 |
10 |
Vehicle Prize |
Yes |
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
No |
||||
|
Any Tesla ECU |
Vehicle (VEH) CAN Control |
$200,000 |
20 |
Vehicle Prize |
Yes |
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
No |
||||
|
Chassis (CH) CAN Control |
$300,000 |
30 |
Vehicle Prize |
Yes |
|
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
No |
||||
|
Party CAN Control |
$400,000 |
40 |
Vehicle Prize |
Yes |
|
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
No |
||||
|
Autopilot |
Diagnostic/Infotainment Ethernet |
$200,000 |
20 |
Vehicle Prize |
Yes |
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
Yes |
||||
|
CAN Bus Add-on |
No |
||||
|
Full Remote |
$400,000 |
40 |
Vehicle Prize |
Yes |
|
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
No |
||||
|
CAN Bus Add-on |
No |
||||
|
Full Remote with Unconfined Root |
$500,000 |
50 |
Vehicle Prize |
Yes |
|
|
Infotainment Root Persistence Add-on |
No |
||||
|
Autopilot Root Persistence Add-on |
Yes |
||||
|
CAN Bus Add-on |
No |
· Any “Infotainment” entry that is leveraging vulnerabilities in the built-in browser must be chained with a sandbox escape or a root/kernel privilege escalation. The sandbox escape must result in code execution outside the browser containment measures, not just the Chromium sandbox.
· USB-based attacks in the “Infotainment” category must target the USB port that passengers would routinely plug into that is openly exposed on the center console or glovebox. Any other exposed USB ports are not in scope for this target.
· Entries against Ethernet attacks in the “Infotainment” category are eligible for an additional $10,000 USD bonus if the entry targets a service other than the exposed Odin and Update services.
· Entries targeting Odin and Update services that require physical access to the Ethernet or USB are not eligible for the Unconfined Root/Kernel Escalation of Privilege prize.
· In the “Any Tesla ECU” target, we are referring to ECUs authored/developed by Tesla. A winning entry must demonstrate arbitrary control of the target CAN bus.
· Unconfined root is defined as executing code under the "root" Linux user with full Linux capabilities, while also not restricted by any apparmor, seccomp, or iptables policy, or any Linux namespace.
· Entries related to relay, cloning, or rolljam attacks are not in scope for the contest.
· Entries that require physical access are out of scope, unless otherwise stated.
Available Add-on Prizes:
|
Add-on Prize Type |
Add-on Prize |
Prize |
Master of Pwn Points |
|
Infotainment Root Persistence |
Entry’s payload must maintain root persistence on the Infotainment target over a reboot. |
$50,000 |
5 |
|
Autopilot Root Persistence |
Entry’s payload must maintain root persistence on the Autopilot target over a reboot. |
$50,000 |
5 |
|
CAN Bus |
Entry’s payload must demonstrate arbitrary control of any physical CAN bus. |
$100,000 |
10 |
Along with the prize money, the first-round winner against an eligible target in this category will win a Tesla Model 3 or comparable vehicle (MSRP $38,990 (USD)) (“Tesla Prize”). If the entry targets a Tesla Model S (Ryzen-based), the Tesla Prize will be a Tesla Model 3. No additional options are included in the vehicle. If the Tesla Prize is not available for whatever reason, Sponsor may substitute the Tesla Prize for (1) an alternate Tesla vehicle of equivalent value, or (2) an amount equal to the current value of the Tesla Prize payable in USD, in Sponsor’s discretion.
If you are going to participate in this category, you will need to notify the contest organizer which platform - Tesla Model 3 (Ryzen-based), Tesla Model S (Ryzen-based) or equivalent bench top unit – you plan on preforming the attempt on two weeks before the event so we can source the vehicle/hardware in time for the contest.
Master of Pwn
The contestant with the highest total points at the end of the contest ("Master of Pwn") will receive 65,000 ZDI reward points (estimated at $25,000 (USD)). Total points are calculated by the sum of the successful entries based on the allocated Master of Pwn points in the tables above.
For example, if a contestant has two successful entries (Microsoft Edge (Chromium) with a Sandbox Escape and Google Chrome with a Sandbox Escape chained with a VMware Workstation escape add-on) would be 38 Master of Pwn points. If two or more contestants have the same number of points at the end of the contest, each of these contestants will receive 65,000 ZDI reward points (estimated at $25,000 (USD)).
If the contestant decides to remove an Add-on Bonus during their attempt, the Master of Pwn points for that Add-on Bonus will be deducted from the final point total for that attempt. If the contestant decides to withdraw from the registered attempt after the start of the contest, the Master of Pwn points for that attempt will be divided by 2 and deducted from the contestant's point total for the contest.
Along with the prize money, the first-round winner for a given category will win a laptop (estimated value of $1,000 (USD)) unless otherwise stated in the Category description in Section 4. Winners of these prizes are not entitled to the difference, if any, between the actual prize value and the estimated prize value. The estimated prize value is as of the date of printing of these Contest Rules.
It is possible that a category may have no winner. If a category has no winner, Sponsor may, in its sole discretion, choose to use the prize money from that category to offer additional prize(s) in another above listed category that may be equal to or less than the initial prize offering for such category. The odds of winning depend on the number of eligible participants in a category and the ability to meet the requirements of this skills-based Contest. Prizes will be distributed within eight (8) weeks after each winner has fulfilled the requirements set out herein.
Prizes must be accepted as awarded and cannot be transferred, assigned, substituted, or redeemed for cash except at the sole discretion of Sponsor. Any unused portion of a prize will be forfeited and has no cash value. Sponsor reserves the right, in its sole discretion, to substitute a prize of equal or greater value if a prize (or any portion thereof) cannot be awarded for any reason. Taxes on prizes, if any, are the sole responsibility of the winner.
Sponsor reserves the right, in its sole discretion, to add or modify the categories if a new version of one of the targets or devices are released, hardened, updated, or recalled between the release of the Contest Rules and the Contest.
The Sponsor shall not assume any liability for any lost or misdirected prizes.
5. WINNER SELECTION.
If more than one contestant registers for a given category, the order of the contestants will be drawn at random. Based on the contestant order, the first contestant will be given an opportunity to attempt to compromise the selected target. If unsuccessful, the next randomly drawn contestant will be given an opportunity. This will continue until a contestant successfully compromises the target. The first contestant to successfully compromise a selected target will win the prize money for that target in the category. After a target has been compromised, the contest for that category is over and no other contestants will participate in the contest for that category (unless Sponsor has offered an additional winner option, which would be announced at the Contest, if applicable).
A successful entry must leverage a vulnerability to modify the standard execution path of a program or process in order to allow the execution of arbitrary instructions. The entry is required to defeat the target's techniques designed to ensure the safe execution of code, such as, but not limited to, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) and/or application sandboxing. If a sandbox is present, a full sandbox escape is required unless otherwise stated in the Category description in Section 4. The resulting payload should be executing in an elevated context (for example, on Windows-based targets, Medium integrity level or higher).
A contestant has up to three (3) attempts to succeed. Each of the three (3) attempts will be individually limited to a time period of ten (10) minutes. For an attempt to be deemed successful, all elements of the attempt must complete within the 10-minute window. All three (3) attempts must be completed within thirty (30) minutes, excluding time needed to setup device prior the attempt. Notwithstanding the foregoing, Sponsor may extend a contestant’s time, in Sponsor’s discretion, if during an attempt, the contestant experiences any connection issues caused by inaccessible or unavailable networks, servers, Internet Service Providers, or other connections that are outside of contestant’s or Sponsor’s control.
A successful entry against these targets must require no user interaction beyond the action required to launch the attempt and must occur within the user's session with no reboots, or logoff/logons. For example, having to interact with a dialog in order to successfully complete the exploit or writing a malicious file to the Startup folder is not allowed.
The initial vulnerability utilized in the entry must be in the registered target. The sandbox escape utilized in the entry must be in the registered target (unless the entry leverages a kernel privilege escalation).
A given vulnerability may only be used once across all categories. The vulnerabilities utilized in the attack must be unknown, unpublished, and/or not previously reported to the vendor or the Sponsor. If the entry leverages a previously known vulnerability, as evidenced by the vendor or Sponsor, Sponsor may, in its sole discretion, choose to accept the entry(ies) and offer the prize(s) at a value less than the initial prize offering for a given category.
If authentication is present, the exploit must occur prior to authentication to the service or include an authentication bypass. If the entry requires a man-in-the-middle attack, Sponsor may, in its sole discretion, choose to accept the entry(ies) and offer the prize(s) at a value less than the initial prize offering for a given category. Contestants may contact the Sponsor prior to the Contest to obtain a determination regarding prize eligibility for proposed entries that require such techniques.
The targets will be running on the latest, fully patched version of the operating system available on the selected target (Microsoft Windows 11 23H2, Microsoft Windows Server 2022, Apple macOS Sonoma on a M-series MacBook Pro, and Ubuntu 23.10 for Desktop) unless otherwise stated in the Category description in Section 4. All targets will be 64-bit, if available. All targets will be installed in their default configurations. Sponsor reserves the right, in its sole discretion, to allow non-default configurations if the Sponsor deems them to be in the normal use case of the target under test.
Sponsor reserves the right to solely determine what constitutes a successful entry. The Sponsor may, in its sole discretion, choose to accept the entry(ies) and offer the prize(s) at a value less than the initial prize offering for a given category if the Sponsor deems that part of the exploit chain fails to meet the above rules. For example, if the entry contains a previously known vulnerability, and the vendor has not yet released a patch, Sponsor may accept the entry(ies) and offer the prize(s) at a value less than the initial prize offering for a given category.
Upon successful demonstration of the exploit, the contestant will provide Sponsor with a fully functioning exploit plus a whitepaper explaining the vulnerabilities and exploitation techniques used in the entry. In the case that multiple vulnerabilities were exploited to gain code execution, details about all of the vulnerabilities (memory corruption, infoleaks, privilege escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prizes. Vulnerabilities and exploit techniques revealed by contest winners will be disclosed to the affected vendors and the exploits and whitepapers will become the property of the Sponsor in accordance with the ZDI researcher agreement.
6. INDEMNIFICATION BY CONTESTANT.
By entering the Contest, contestant releases and holds Sponsor harmless from any and all liability for any injuries, loss, or damage of any kind to the contestant or any other person, including personal injury, death, or property damage, resulting in whole or in part, directly or indirectly, from acceptance, possession, use, or misuse of any prize, participation in the Contest, any breach of the Contest Rules, or in any prize-related activity. The contestant agrees to fully indemnify Sponsor from any and all claims by third parties relating to the Contest, without limitation.
7. LIMITATION OF LIABILITY.
Contestant acknowledges and agrees that Sponsor assumes no responsibility or liability for any computer, online, software, telephone, hardware, or technical malfunctions that may occur. The Sponsor is not responsible for any incorrect or inaccurate information, whether caused by website users or by any of the equipment or programming associated with or utilized in the Contest or by any technical or human error which may occur in the administration of the Contest. The Sponsor is not responsible for any problems, failures, or technical malfunctions of any telephone network or lines, computer online systems, servers, providers, computer equipment, software, e-mail, players, or browsers, on account of technical problems or traffic congestion on the Internet, at any website, or on account of any combination of the foregoing. The Sponsor is not responsible for any injury or damage to the contestant or to any computer related to or resulting from participating or downloading materials in this Contest. Contestant assumes liability for injuries caused or claimed to be caused by participating in the Contest, or by the acceptance, possession, use of, or failure to receive any prize. The Sponsor assumes no responsibility or liability in the event that the Contest cannot be conducted as planned for any reason, including those reasons beyond the control of the Sponsor, such as infection by computer virus, bugs, tampering, unauthorized intervention, fraud, technical failures, or corruption of the administration, security, fairness, integrity, natural disaster, or proper conduct of this Contest.
8. CONDUCT.
As a condition of participating in the Contest, each contestant agrees to be bound by these Contest Rules and indicates consent as part of the registration process. Contestant further agrees to be bound by the decisions of the Sponsor, which shall be final and binding in all respects. The Sponsor reserves the right, in its sole discretion, to disqualify any contestant found to be: (a) violating the Contest Rules; (b) tampering or attempting to tamper with the Contest or any of the equipment, the Contest website or Contest programming; or (c) acting in an unsportsmanlike or disruptive manner that interferes with any portion of the Contest; or (d) engaging in any form of harassing, offensive, discriminatory, or threatening speech or behavior, including (but not limited to) relating to race, gender, gender identity and expression, national origin, religion, disability, marital status, age, sexual orientation, military or veteran status, or other protected category. CAUTION: ANY ATTEMPT TO DELIBERATELY UNDERMINE THE LEGITIMATE OPERATION OF THE CONTEST MAY BE A VIOLATION OF CRIMINAL AND CIVIL LAWS. SHOULD SUCH AN ATTEMPT BE MADE, THE SPONSOR RESERVES THE RIGHT TO SEEK REMEDIES AND DAMAGES TO THE FULLEST EXTENT PERMITTED BY LAW, INCLUDING BUT NOT LIMITED TO CRIMINAL PROSECUTION.
9. PRIVACY / USE OF PERSONAL INFORMATION.
By participating in the Contest, contestant: (i) grants to the Sponsor the right to use his/her name, likeness, mailing address, telephone number, and e-mail address ("Personal Information") for the purpose of administering the Contest, including but not limited to contacting and announcing the winners; and (ii) acknowledges that the Sponsor may disclose his/her Personal Information to third-party agents and service providers of the Sponsor in connection with any of the activities listed in (i) above.
Sponsor will use the contestant's Personal Information only for identified purposes, and protect the contestant's Personal Information in a manner that is consistent with Sponsor's Privacy Policy at: trendmicro.com/privacy
10. INTELLECTUAL PROPERTY.
All intellectual property, including but not limited to trademarks, trade names, logos, copyrights, designs, promotional materials, web pages, source code, drawings, illustrations, slogans, and representations are owned by Sponsor and/or its affiliates. All rights are reserved. Unauthorized copying or use of any copyrighted material or intellectual property without the express written consent of its owner is strictly prohibited.
11. TERMINATION.
Sponsor reserves the right, in its sole discretion, to terminate the Contest, in whole or in part, and/or modify, amend, or suspend the Contest, and/or the Contest Rules in any way, at any time, for any reason without prior notice.
12. LAW.
These are the official Contest Rules. The Contest is subject to applicable laws and regulations. The Contest Rules are subject to change without notice in order to comply with any applicable laws or the policy of any other entity having jurisdiction over the Sponsor and/or the Contest. All issues and questions concerning the construction, validity, interpretation, and enforceability of the Contest Rules or the rights and obligations as between the contestant and the Sponsor in connection with the Contest shall be governed by and construed in accordance with the laws of the Canada including procedural provisions without giving effect to any choice of law or conflict of law rules or provisions that would cause the application of any other jurisdiction's laws.
13. PRECEDENCE.
In the event of any discrepancy or inconsistency between the terms and conditions of the Contest Rules and disclosures or other statements contained in any Contest-related materials, the terms and conditions of the Contest Rules shall prevail, govern, and control.
© 2024 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.