Get Invited: How Live Hacking Event Invites Have Changed
HackerOne Live Hacking Events are back!
We wrapped a tremendous year of events for 2022 where we saw some amazing success. Some of the most notable:
- Six customers partnered with us across five live hacking events!
- $4.9M+ in bounties rewarded
- 311 hackers participated
We got to reconnect with many old friends and new faces as we came together in new cities for an incredible return to in-person events! So what does that success mean for our 2023 live hacking events and for hackers earning an invitation to one of our flagship events?
We always strive to grow and improve our program, and invitations will continue to be a huge component of this. Our goal is to ensure that all hackers in our community have a clear understanding of what they can do to qualify and set personal goals in alignment. We appreciate everyone in our community who continues to give us feedback so we can continue to advance this program!
Before we dive into the new criteria and estimated # of hackers w/in each “bucket”, we remind all our researchers that regardless of what criteria you qualify with, all hackers must meet the below requirements:
- A hacker should have no Code of Conduct Violations or active mediation investigations in the past 6 months brought on by a customer or HackerOne. We review each researcher internally to ensure that we note any past actions and evaluate the severity and frequency of the actions.
- This review includes educational messages or first warnings and will be evaluated internally by a HackerOne review team. For instance, if you have consistently received educational reminders for similar topics in the last year, it could negatively impact your invitation qualification, even if they were not formal warnings.
- Note: Similar to 2022, In the cases where customers request a specific hacker, we may partake in additional review to see if an exception can be made, pending the severity or frequency of previous Code of Conduct violations.
- NOT located in a region under sanctions.
- Past Live Hacking Event inactivity - Our live hacking events are highly competitive and time-sensitive. Should you accept an invitation to a live hacking event and not actively participate, you could lose future opportunities for invitations.
- Consistency of behavior will continue to be evaluated. Respect and professionalism will go a long way to continue to grow the LHE opportunities and ensure that all involved (HackerOne Staff, Customer Staff, and fellow researchers) have a successful and positive experience. Suppose the HackerOne mediation or community team feels a researcher's behavior is unpredictable or at risk of being unprofessional based on historical experience. In that case, HackerOne may determine that they are ineligible for an invite.
To help provide the most opportunities to the most researchers, the invitations for events are fulfilled in the following order:
Up to 5 researchers |
|
Up to 5 researchers |
|
Up to 10 researchers |
Note: we will pick up to 10 of the top researchers from a combined list of the past 3 live hacking events. |
Up to 10 researchers |
|
Up to 10 researchers |
Note: this can also include the hackers that performed very well in the customer’s previous live hacking events. |
Up to 5 researchers |
Note: This doesn’t mean the hacker is new to the platform and does not include public LH events. |
Up to 3 researchers |
Note: One doesn’t need to have an H1-elite comic cover to fit in this category. |
Up to 10 researchers |
|
Up to 10 researchers |
|
Up to 10 researchers |
Note: Depending on the location where the event is being hosted, we might not have any hackers from this category. |
Up to 7 researchers |
Note: Plus One Nominated researchers will be required to fund their own travel and accommodations to live hacking event (but are welcome to room share with the hacker who nominated them, if both agree!). |
We have broadened the criteria for researchers to be eligible for an event by expanding the categories, or "buckets," in which they can be considered. This is to provide more opportunities for a wider number of researchers to earn an invitation. So let’s break down some of the new items for 2023 invitations:
If you do not currently have the bandwidth to participate fully or have concerns about travel for an event, please do not hesitate to let us know immediately. Feel free to decline the invitation or RSVP to participate virtually. Declining an invitation to participate will not affect any future invitations. The health of our hackers is always a priority for HackerOne, and as such, we empower you to make the best decision for your physical and mental health.
Declining an invitation will not affect future invitations. HackerOne will do our best to ensure that you receive a future invitation in the calendar year. We cannot promise one for the next event, but we commit to inviting you to a future event that best aligns with your skillset should you be unable to participate.
Note: declining an invitation does not allow you to nominate another hacker to participate in your place.
There are more opportunities than ever before to qualify for an invitation, and we are excited to head into our packed schedule of events with new chances to connect and grow our hacker community! The HackerOne Live Hacking Events program has grown into a wonderful way to provide direct engagement between our customers and researchers. Without your dedication, effort, and incredible skill, we would not be able to do this - so thank you!
The dates and locations for our 2023 calendar will be announced soon! Keep an eye out for what’s to come.
HackerOne is only as strong as our community, and we are proud of the time, commitment, and hard work that you all have put into making our community what it is today. We cannot wait to see you on the road next year and look forward to continuing to work with you to make the internet safer for all!
The 7th Annual Hacker-Powered Security Report