johnk

Over 75 vetted hackers from across the globe to look for vulnerabilities across international defense systems and Verizon Media

SAN FRANCISCO — November 6, 2019 HackerOne, the leading hacker-powered pentest and bug bounty platform, today announced its final live hacking event for 2019, h1-213. The event will be taking place in Los Angeles, California from November 7 to November 8, 2019. Over 75 vetted hackers from around the world will gather to help discover and disclose vulnerabilities in U.S. Air Force and Verizon Media systems and software in exchange for monetary awards, or bounties. In addition, the UK’s Ministry of Defence will also expose a specific asset for testing as part of their pilot bug bounty challenge. 

At h1-213, vetted hackers will be invited to discover vulnerabilities in the U.S. Air Force’s Virtual Data Center, a specific Ministry of Defence system, and certain Verizon Media web assets and internal tools. HackerOne’s live hacking events (LHE) are in-person bug bounty engagements where a diverse group of skilled hackers are invited to look for security flaws on specific assets in exchange for a bounty. During the event, hackers and target organizations’ security teams work side-by-side to identify, validate, and award finders for reported security vulnerabilities. With scope open for a set period of time, hackers are encouraged to partner and collaborate with one another to penetrate systems and find vulnerabilities. 

In partnership with HackerOne, organizations have paid out over $3 million in bounties to hackers over six live hacking events, this year. Thirty percent of the vulnerabilities found have been deemed high to critical in severity on average. In fact, at a recent live hacking event, h1-702 in Las Vegas, hackers earned a record-breaking $1,902,668 in bounties at the end of the three days, $1 million from Verizon Media alone. HackerOne has been a trusted repeatable partner for the Department of Defense, with collaboration from 500,000 hackers worldwide. Since the launch of Hack the Pentagon over three years ago, the U.S. Department of Defense has resolved over 12,000 vulnerabilities thanks to ethical hackers, boosting its security across defense divisions 

HackerOne has hosted 38 days of live hacking, across 20 events, with 13 different customers, including the U.S. Marine Corps, U.S. Air Force, Dropbox, GitHub, Uber, Verizon Media, Shopify and others in 12 cities around the world. 

Alongside live hacking, HackerOne will also be hosting a hacker-in-training mentorship program — dubbed Community Day — during h1-213 in partnership with Women’s Society of Cyberjutsu and OWASP Los Angeles. As part of the Community Day, non-binary and women-identifying individuals are invited to partake in a hands-on hacking workshop and hear from an all female hacker panel featuring Lisa Jiggetts, Founder & President, Women's Society of Cyberjutsu; Dawn Isabel, Security Researcher, and bug bounty hunter Katie Paxton-Fear. HackerOne hopes to encourage more women and non-binary identifying hackers to join and participate in the cybersecurity community, and hosting Community Days during LHEs is a core part of this initiative.

“Our tagline, “Together We Hit Harder” is born of the belief that when hackers and security teams are connected, security improves. Nothing captures that truth better than live hacking events,” said Luke Tucker, HackerOne’s Senior Director of Community. “At h1-213, we’re thrilled to introduce hackers to new scope and connect customers with the hackers who make their users safer.”

Invitations to live hacking events are broken down into three main categories: critical report submissions, consistency of quality findings, and community involvement. Depending on the event, there is also a geographic consideration and mentorship element. For more information on what LHEs are, how hackers can increase their chances of being invited to hack, and where we see these events expanding, visit: https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next