Update in prep for Village

lib/quadblockquiz_web/live/contest_rules.ex

@@ -40,7 +40,7 @@ defmodule QuadblockquizWeb.ContestRules do
               registered attendees at the Cybersecurity Automation Village.
               Contestants must login to the game using the 'handle' option,
               and must choose a handle that is unique from other contestants.
-              You should be asked for your email address on the first use of your handle.
+              You should be asked for your email address on starting the first using that handle.
               If you are not asked for your email, then there is already an email for that handle.
               If it wasn't yours, then you are playing for someone else!
               You may have more than one handle, but can only win one prize.
@@ -69,7 +69,7 @@ defmodule QuadblockquizWeb.ContestRules do
                   You can play with more than one handle - but one person can only win one prize!
                 </li>
                 <li>
-                  The game should prompt you for your email when you enter your handle for first time.
+                  The game should prompt you for your email on starting a game using that handle for first time.
                 </li>
                 <li>Once assigned, that handle will stay connected to that email address.</li>
                 <li>
@@ -88,9 +88,10 @@ defmodule QuadblockquizWeb.ContestRules do
                 </li>
                 <li>
                   Contestants may submit more than one game,
+                  play often to increase your chances of winning,
                   but only one prize per person.
-                  The contest scoreboard will automatically do this,
-                  but note the leaderboard only shows games in progress.
+                  The contest scoreboard will automatically keep track of all your games,
+                  but note the scoreboard only shows games in progress.
                   The final tally (including the finished games)
                   doesn't show until the contest is over.
                 </li>
@@ -113,7 +114,7 @@ defmodule QuadblockquizWeb.ContestRules do
                 </li>
                 <li>
                   Winners will be chosen based on their positions on the Contest Scoreboards.
-                  Note the Contest Scoreboard is different than the Leaderboard (which is for "all-time").
+                  Note the Contest Scoreboards are different than the Leaderboard (which is for "all-time").
                 </li>
                 <li>
                   A person can only win a single prize across the two Contests.
@@ -125,8 +126,14 @@ defmodule QuadblockquizWeb.ContestRules do
                 <li>
                   To be eligible for IRL Contest prizes, the person must be physcially present
                   at lunch on Friday.
-                  If not present, the person will be declared ineligible and the prize will go
-                  to next eligible person.
+                  Unless previously agreed with sFractal, the person will be declared ineligible if not present,
+                  and the prize will go to next eligible person.
+                </li>
+                <li>
+                  To be eligible for Hybrid Contest prizes, the person must be on the bridge
+                  at lunch on Friday.
+                  Unless previously agreed with sFractal, the person will be declared ineligible if not on the bridge,
+                  and the prize will go to next eligible person.
                 </li>
                 <li>
                   The "most points" prize will be awarded to the eligible

lib/quadblockquiz_web/templates/layout/root.html.heex

@@ -49,27 +49,26 @@
         <tr>
           <td>
             <a href="https://google.com/" class="phx-logo">
-              <img src={Routes.static_path(@conn, "/images/Peraton.jpeg")} 
-              alt="Peraton Logo" />
+              <img src={Routes.static_path(@conn, "/images/Peraton.jpeg")} alt="Peraton Logo" />
             </a>
           </td>
           <td>
-          <a href="https://cyware.com/" class="phx-logo">
-            <img
-              src={Routes.static_path(@conn, "/images/cyware_logo.png")}
-              alt="Cyware Logo"
-              class="max-h-32"
-            />
-          </a>
+            <a href="https://cyware.com/" class="phx-logo">
+              <img
+                src={Routes.static_path(@conn, "/images/cyware_logo.png")}
+                alt="Cyware Logo"
+                class="max-h-32"
+              />
+            </a>
           </td>
           <td>
-          <a href="https://oasis-open.org/" class="phx-logo">
-            <img
-              src={Routes.static_path(@conn, "/images/oasis_logo.png")}
-              alt="OASIS Logo"
-              class="max-h-32"
-            />
-          </a>
+            <a href="https://oasis-open.org/" class="phx-logo">
+              <img
+                src={Routes.static_path(@conn, "/images/oasis_logo.png")}
+                alt="OASIS Logo"
+                class="max-h-32"
+              />
+            </a>
           </td>
           <td>
             <a href="https://sfractal.com/" class="phx-logo">

mix.exs

@@ -5,7 +5,7 @@ defmodule Quadblockquiz.MixProject do
     [
       app: :quadblockquiz,
       description: "Descri'be",
-      version: "1.0.2",
+      version: "1.0.3",
       elixir: "~> 1.15.4",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,

qna/cacao/010.md

@@ -4,18 +4,39 @@
 
 ---
 ## CACAO
-need input from this team
+The Collaborative Automated Course of Action Operations (CACAO) Security Playbook standard
+defines a playbook schema and taxonomy for the purpose of standardizing 
+the way we create, document, and share security playbooks.
+
+Security playbooks document processes and procedures for cybersecurity 
+and can be used to guide and speed up security operations, 
+ensure organizational policy and regulatory framework compliance, 
+or purely drive automation functions. 
+Thus, security playbooks can be derived in both human-understandable 
+and machine-executable formats.
+
+To defend against threat actors and their tactics, techniques, and procedures 
+organizations need to detect, investigate, prevent, mitigate, and remediate threats in cyber relevant time. 
+To do this, organizations need to identify, create, document, and test the orchestration steps 
+needed to achieve these outcomes. 
+These steps, when grouped together, form a cyber security playbook 
+that can be used to protect organizational systems, networks, data, and users.
+CACAO describes how these playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.
+
 
 # Question:
-What is question? you better skip this one
+What is CACAO the abbreviation for?
 
 ## Answers
-- wrong answer
-- there is no right answer until team provides input for this section
+- Collaborative Automated Course of Action Operations
+- Course of Action for Collaborative Automated Operations
+- Not an abbreviation, the authors just like chocolate
+- Collaborative Action Can Automate Oasis
+- none of the above
 
 ## Score
 - Right:25
 - Wrong:5
 
 ## Powerup
-MoveBlock
+DeleteBlock

qna/cacao/020.md

@@ -4,14 +4,27 @@
 
 ---
 ## CACAO
-need input from this team
+The OCA CACAO Roaster subproject is an open-source, 
+community-driven web application that can be used to 
+design, generate, modify, store, digitally sign and verify CACAO playbooks.
+
+CACAO is a standardized machine-processable framework for orchestrating and automating 
+course-of-action playbooks in cybersecurity. 
+It streamlines the creation, execution, and exchange of playbooks, 
+making it easier for security teams to respond to incidents, 
+mitigate threats, and protect their networks.
+
+Roaster was chosed as the name since just like a roaster turns cacao into edible cocoa, 
+Roaster helps easily create CACAO playbooks.
 
 # Question:
-What is question? you better skip this one
+What is ROASTER the abbreviation for:
 
 ## Answers
-- wrong answer
-- there is no right answer until team provides input for this section
+- Collaborative Automated Course of Action Operations
+- Right On About Security Terms Except Regulations
+- Regulating Operational Actions of Security Exploit Renegades
+- not an abbreviation, just an appropriate word
 
 ## Score
 - Right:25

qna/csaf/010.md

@@ -3,15 +3,44 @@
 }
 
 ---
-## CSAF
-need input from this team
+## VEX
+VEX stands for “Vulnerability Exploitability eXchange.” 
+CSAF stands for "Common Security Advisory Format".
+CSAF is an OASIS Standard that has a VEX profile which
+allows a software supplier or other parties to assert the status of 
+specific vulnerabilities in a particular product or product line.
+
+The primary use cases for VEX are to provide users (e.g., operators, developers, and services
+providers) additional information on whether a product is impacted by a specific vulnerability in an
+included component and, if affected, whether there are actions recommended to remediate.
+
+A VEX is an assertion about the status of a
+vulnerability in specific products. The status can be:
+* Not affected – No remediation is required regarding this vulnerability.
+* Affected – Actions are recommended to remediate or address this vulnerability.
+* Fixed – Represents that these product versions contain a fix for the vulnerability.
+* Under Investigation – It is not yet known whether these product versions are affected by the vulnerability. An update will be provided in a later release.
+
+Not_affected is particularly important because it allows users to focus on other products which are affected.
+Because there are different reasons for a vendor to assert "not affected",
+VEX allows for additional information in the form of a "status justification" which can be:
+* component_not_present
+* vulnerable_code_not_present
+* vulnerable_code_cannot_be_controlled_by_adversary
+* Vulnerable_code_not_in_execute_path
+* Inline_mitigations_already_exist
+Some users may choose to still take mitigating actions depending on the status justification.
+
 
 # Question:
-What is question? you better skip this one
+VEX is an abbreviation for:
 
 ## Answers
-- wrong answer
-- there is no right answer until team provides input for this section
+- Vulnerability Easily eXploited 
+- Vulnerability Exploitability eXchange
+- not an abbreviation. VEX means its a vexing topic.
+- Common Security Advisory Format
+- Cyber Security Advisory Format
 
 ## Score
 - Right:25

qna/csaf/020.md

@@ -3,19 +3,48 @@
 }
 
 ---
-## CSAF
-need input from this team
+## VEX
+VEX stands for “Vulnerability Exploitability eXchange.” 
+CSAF stands for "Common Security Advisory Format".
+CSAF is an OASIS Standard that has a VEX profile which
+allows a software supplier or other parties to assert the status of 
+specific vulnerabilities in a particular product or product line.
+
+The primary use cases for VEX are to provide users (e.g., operators, developers, and services
+providers) additional information on whether a product is impacted by a specific vulnerability in an
+included component and, if affected, whether there are actions recommended to remediate.
+
+A VEX is an assertion about the status of a
+vulnerability in specific products. The status can be:
+* Not affected – No remediation is required regarding this vulnerability.
+* Affected – Actions are recommended to remediate or address this vulnerability.
+* Fixed – Represents that these product versions contain a fix for the vulnerability.
+* Under Investigation – It is not yet known whether these product versions are affected by the vulnerability. An update will be provided in a later release.
+
+Not_affected is particularly important because it allows users to focus on other products which are affected.
+Because there are different reasons for a vendor to assert "not affected",
+VEX allows for additional information in the form of a "status justification" which can be:
+* component_not_present
+* vulnerable_code_not_present
+* vulnerable_code_cannot_be_controlled_by_adversary
+* Vulnerable_code_not_in_execute_path
+* Inline_mitigations_already_exist
+Some users may choose to still take mitigating actions depending on the status justification.
+
 
 # Question:
-What is question? you better skip this one
+CSAF is an abbreviation for:
 
 ## Answers
-- wrong answer
-- there is no right answer until team provides input for this section
+- Vulnerability Easily eXploited 
+- Vulnerability Exploitability eXchange
+- Cyber Security Advisory Format
+- Common Secure Advancement Failures 
+- Common Security Advisory Format
 
 ## Score
 - Right:25
 - Wrong:5
 
 ## Powerup
-MoveBlock
+AddBlock