- What are you announcing?
- The Secure API Server Showdown Challenge is a 2 Stage monetary prize competition. Stage 1 invites interested stakeholders to build a secure, Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) server using current industry technical standards, best practices, and recently issued healthcare-specific implementation guide requirements. Stage 2 is a team-based competition that will award cash prizes based on the identification of “in-scope” security vulnerabilities found in the open source FHIR servers. At the end of Stage 2, all of the confirmed security vulnerabilities will be made public to encourage the industry to update the open source FHIR servers.
- What is the Challenge expected to accomplish?
- The purpose of this prize competition is to stimulate industry investment and engagement in the deployment of “secure” FHIR servers. In addition, we expect that this competition will help identify potentially unknown security flaws in the code used to operate FHIR servers in industry, as well as reinforce the value of following identified technical security best practices. Further, upon its completion, we expect that stakeholders will have greater access to secure, open source FHIR servers that have had their code base further hardened through this competition’s team-based testing. Ultimately, our goal is to see “ready to use”/“turn-key” secure, FHIR server code that meets the SMART on FHIR Authorization technical requirements and on which industry stakeholders can build.
- Are these grant award programs?
- The challenge is not a grant. It is a prize competition run under the authority of the America COMPETES Act, which enables ONC to invest in innovation through research and development. Challenges are a way for HHS employees to draw on external talent and ideas to solve critical problems.
- When are the submissions due?
- Stage 1 submissions are due January 15, 2018 (by 11:59 p.m. EST)
- Stage 2 submissions are due May 25, 2018 (by 11:59 p.m. EDT)
- How do I register for the Challenge?
- Stage 1 participants do not need to register but must submit their work by the Stage 1 deadline. Stage 2 registration will be open between January 8, 2018 – February 5, 2018 (by 11:59 p.m. EST). Registration can be done via the “Register” link on the Challenge website, or by clicking here.
- Can non-United States (U.S.) persons participate in the Challenge?
- Entries from non-United States persons or teams made up of a mix of U.S. and non-U.S. persons are allowed. However, no prizes may be paid to the non-U.S. persons. Therefore, if a team wins in either Stage and there is only one U.S. person on the team, that person will be paid the prize. Note: U.S. persons, in this Challenge, are defined as U.S. citizens or permanent residents of the United States. In the case of a private entity, the organization must be incorporated in and maintain a primary place of business in the United States. U.S. Citizens or permanent residents living outside of the United States are still eligible to participate in the Challenge and receive prizes.
- Do I need an assigned team leader?
- A “team leader” and “alternate leader” must be assigned for each team and a preferred email address must be provided as a means of communication throughout the competition. If you are submitting work alone in Stage 1 then you are the designated team leader and must be a U.S.-person to receive prize money. Note: The team leader will be the primary point of contact and is the individual to whom prize(s) will be paid. We highly recommend that the team leader be a U.S. Citizen or permanent resident as they will be solely responsible for disbursing any prize winnings among team members.
- Is my submission valid if I use open source software that is not using the MIT license?
- The submission can include other open source software code, but should follow all available requirements of the existing code (e.g. Apache, GNU, BSD etc.) as well as the open source requirements of the Challenge. Any “new” or derivative work by the participant(s) would need to be submitted with the MIT License layered on top of the other applicable license(s).
- What is the amount of prize money available for this challenge?
- The total amount of prize money to be awarded for this Challenge is $50,000. Three Stage 1 winners will receive $10,000 each ($30,000 total) after the Stage 2 Server Track is complete and the remaining $20,000 will be allocated for Stage 2 Discovery Track winners.
- When will the winners be announced?
- Stage 1 winners will be announced on February 6, 2018 (by 11:50 p.m. EST)
- Stage 2 winners will be announced on June 29, 2018 (by 11:59 p.m. EDT)