2024 Live Hacking Events | HackerOne


Before we dive into invitations for 2024 and the new criteria and estimated number of hackers within each “bucket,” we remind all our researchers that, regardless of what criteria you qualify with, all hackers must meet the below requirements:

  • A hacker should have no Code of Conduct Violations or active mediation investigations in the past six months brought on by a customer or HackerOne. 

Note: HackerOne reserves the right to make case-by-case exceptions to CoC violations, depending on the severity and context of the issue.

  • A hacker cannot be located in a region under sanctions.
  • Active participation in any invited events — lack of participation in previous events may affect future invitations.
  • A hacker is expected to consistently showcase positive behavior. 

Respect and professionalism will go a long way to continue to grow the LHE opportunities and ensure that all involved have a successful and positive experience. 

The HackerOne Live Hacking Events program has grown into a wonderful way to provide direct engagement between our customers and researchers. Without your dedication, effort, and incredible skill, we would not be able to do this — so thank you! 

HackerOne is only as strong as our community, and we are proud of the time, commitment, and hard work you all have put into making our community what it is today. We cannot wait to see you on the road next year and look forward to continuing to work with you to make the internet safer for all!

Below is our invitation structure for 2024 Live Hacking Events:

2024 Live Hacking Events Invitation Structure

These numbers are approximate and can vary by event — all decisions are subject to HackerOne discretion.

Every Live Hacking Event can have between 50-100+ researchers invited, depending on the event, location, structure, and participating programs. The amount of hackers invited within each bucket below will shift slightly based on factors such as: 

  • Proficiency of skills required to be successful in alignment with scope
  • Location of event and/or capacity flexibility 
  • Industry Conference alignment (e.g., Defcon, Blackhat, etc.)
  • Number of participating customers
  • Restrictions or requirements for Customers (e.g., H1 Clear)

ALL live hacking event invitations will be evaluated using the below criteria:

  • SIGNAL: > or = 5
  • REPUTATION: minimum of 1,000 points
  • No Code of Conduct violations in the past six months* see above for further details
  • Professional interactions within the platform — especially with HackerOne and Customer team members
  • No sanction-related concerns
  • Past Live Hacking Event activity/engagement
  • Event Scope/Skills Associated

To help provide the most opportunities to the most researchers, the invitations for events are fulfilled in the following order:

Up to 10 researchers

  • Customer selected/recommendation – researchers requested directly by the participating customer. The reasoning is at their discretion, and it may not be based on top performance!

Up to 10 researchers

  • Top Customer Programa combination of customer top program hackers based on lifetime achievements + recent earnings

Up to 20 researchers

  • Past Live Hacking Top Performers (including collabs) – researchers who have been top performers at last 3 live hacking events, evaluated in total bounties. This may also include those who have received an award (not bonus) from the previous 2-3 live hacking events
    • Most Valuable Hacker
    • 1st – 3rd Place (in bounties) 

Note: we will pick up to 20 of the top researchers from a combined list of the past 3 live hacking events. 

Up to 10 researchers

  • HackerOne Platform Performers in Last 180 days – researchers with  75% or greater submission rate of high/critical (and more than 5 total high/criticals in that timeframe) reports. The list is prioritized by total rewards in the last 180 days.

Up to 10 researchers

  • Community Choice – researchers selected by the HackerOne Community team who have shown positive engagement, criticality, and consistency within the community.

Up to 3 researchers

  • New to Live Hacking Events – researchers who have shown criticality, consistency, and contributed to the community across HackerOne platform but have not participated in a live hacking event previously. Hackers must meet below criteria:
    • > or = 5000 reputation
    • > or = 5 Signal 

Note: This doesn’t mean the hacker is new to the platform and does not include public LH events.

Up to 10 researchers

  • Top Skillset – researchers selected based on top skills needed that align with the host customer scope. E.g: if the scope includes hardware assets, hardware hackers will be invited.

Note: This criteria can also include the hackers that performed very well in the customer’s previous live hacking events. 

Up to 3 researchers

  • H1 Elite – researchers that have shown outstanding performance across their journey at HackerOne. 

Up to 10 researchers

  • Plus One Nominations – researchers nominated by invited researchers. All nominations will be evaluated based on platform performance and alignment with events’ scope or goals. Additional notes:
    • Plus One Nominated researchers will be required to fund their own travel and accommodations to live hacking event (but are welcome to room share with the hacker who nominated them if both agree!).
    • Multiple nominations does NOT increase priority to ensure consistency and fair review

Up to 5 researchers

  • Geolocation-Based Hackers – Hackers invited based on region of the event, geolocations for the assets in scope/accessibility reasons, or in alignment with Community recruitment or Customer’s program recruitment goals.

Note: HackerOne does NOT cover hotel/travel costs for geo-based hackers unless specified during the event. Additionally, depending on the location where the event is being hosted, we might not have any hackers from this category.

We review our invitation methodology frequently and adjust as needed. Our most recent adjustments were made to provide consistent opportunities to our community, no matter their experience level. 

Declining an Invite

If you do not currently have the bandwidth to participate fully or have concerns about travel for an event, please do not hesitate to let us know immediately. Feel free to decline the invitation or RSVP to participate virtually. 

Declining an invitation to participate will not affect any future invitations. The health of our hackers is always a priority for HackerOne, and as such, we empower you to make the best decision for your physical and mental health.

If you have declined an invitation, the community team will do their best to ensure that you receive a future invitation that best aligns with your skillset in the same calendar year. However, We cannot promise that the invite will be sent during the next event. Please understand that declining an invitation does not allow you to nominate another hacker to participate in your place.

Thank you, 
HackerOne Commuity Team



Source link