Blue teams have to provide three privacy scenarios. Do we need to attack all three scenarios? Or does the score eg. get lower if we implement an attack that is only applicable/good for the lowest privacy setting? We are currently assuming the second, but would like to know if we have to attack all of them
The “Effectiveness” and “Applicability” of the attacks are evaluation criteria for red teams. All else being equal, a red team submission that more thoroughly and/or effectively tests a blue team solution will indeed have a stronger performance in evaluation.