jessica@hackerone.com

Live Hacking Event Invitations - 2022 Guide

h1-303 Poster

This is our all-in-one resource to provide transparency into our Live Hacking Invite metrics

Hello Hackers,

Live Hacking Events are an experience like no other: hackers collaborate and connect with security teams, each other and HackerOne.  2022 is our fifth consecutive year of live hacking events! We’ve seen events of all shapes, sizes and structures. Especially, as we pivoted to a virtual model in wake of the pandemic. As we have returned to in-person, we have explored how to take our events to the next level, while also keeping the safety and health of all in attendance in mind. You can read more about our COVID-19 protocols with this example from recent events.

HackerOne values all hackers in our community. We focus on the many different qualities and skills in every hacker in our global community. I wish we could invite each of you to participate in such a unique and exclusive event, every single time. At the end of the day, that isn’t feasible in any event structure, but as was noted in this blog, HackerOne’s Community Team values transparency and visibility as part of our core foundation. As such, we want to provide new details that will come into consideration for 2022 Live Hacking Event invitations.

The quantity of participants changes event to event based on scope, structure, venue, and a number of other factors. A traditional live hacking event will have 50-60 hackers participating, with a bulk of those attending in-person. Multi-customer events like h1-702 will have an increased number of participants, but will maintain the same ratios outlined below for each category of invitation.

No matter which category a hacker earns their invitation through, they must also meet the following:

  • No Code of Conduct violations or active mediation investigations within the last 12 months. Educational messages or first warnings will be evaluated individually by an internal HackerOne review team, taking into account severity and frequency. For instance, if you have consistently received educational reminders for similar topics in the last year, it could negatively impact your invitation qualification even if they were not formal warnings.
    • Note: In the case where customers request a specific hacker, we may partake in additional review to see if an exception can be made, pending the severity or frequency of previous Code of Conduct violations
  • Not located in a region that is under sanctions
  • Eligibility to enroll in HackerOne CLEAR Program (current enrollment OR ability to pass/enroll in CLEAR Program upon acceptance of invitation)
  • Historical experience will be evaluated. If a hacker accepts an invitation, but does not participate in the event, they could no longer be eligible for future invitations
    • Note: if a hacker is unable to fully participate in the event, we encourage them to decline the invitation. We promise, any decline of invitation to participate will not affect any future invitations. The health of our hackers is always a priority for HackerOne and as such we empower you to make the best decision for your physical and mental health
  • Consistency in behavior will also be evaluated. LHEs are highly competitive, extremely timeboxed and high-pressure events with an amazing amount of human connections. If HackerOne mediation and community teams feel that a hacker is unpredictable and at risk of unprofessionalism based on historical experience, they may determine they are uneligable for a future invite
top hackers

Keep hacking to meet these signal, impact and reputation requirements! The higher volume of high impact reports you have every 6 months, the higher the chance you will receive an invite.


prog top

This means that if we announce a LHE target for July in January, you have the potential to focus on that program and earn your invitation! We will pull invitation stats ~1.5 months from LHE start date.


customer top choiceComms choiceprev live hackcustom

For those interested, check out our Brand Ambassador Program and join up with hackers near you!


Key items to note:

  • Hackers can fit into multiple sets of criteria - If a hacker fits into a Top Hacker list, they may also fit into a Program Top Hacker list. An LHE Award Winner may also be a Top Hacker.
    • Because of this, we will pull our "Top Hacker" list last to give as many opportunities to our Community as possible.
  • Some invitations may be virtual - The pandemic has and will continue to impact events and venues in various ways. This may mean that some hackers based on the above receive a virtual-only invitation. If this happens, we’ll try to ensure you get an in-person next time!
  • HackerOne reserves the right to determine who we invite/do not invite to an event - we may or may not be able to disclose the deciding factors on a case-by-case basis, but we will do our best to be transparent with each person receiving an invite what qualifies them.  
  • Past participation in a Live Hacking Event does not guarantee an invitation - HackerOne will review and build each event invite list with fresh eyes and open considerations.
  • Criteria for invitations will be evaluated throughout the year - HackerOne will continue to review the metrics for invitations and may decide to update or adjust the criteria to ensure Live Hacking Event and Hacker Community success.
  • All invitees may opt-in to participate virtually - if an in-person invitee is not able to/does not wish to travel, they will be given the option to participate virtually.
  • Active Participation - We would love to be able to invite everyone to attend and participate, but it is an impossibility. Invitations to participate in a Live Hacking Event are a privilege. Should you NOT actively participate in the event after accepting an invitation, HackerOne will reevaluate eligibility for future invitations.
  • Previous Performance - Previous performance at live hacking events will be evaluated for future invitations. Should you not maintain professional behavior, both in report communications and with in-person interactions with your peers, guests, HackerOne, or customer staff, you may not receive future invitations. Read more about LHE Participation Rules

Along with the transparency about live hacking invitations, HackerOne is also taking the continued challenge of COVID-19 and the safety and health of all in attendance as a serious priority for the year. We continue to monitor the status of COVID-19 and the restrictions in place as we review locations and travel. We are taking the steps we feel necessary to ensure the safety and health of all our attendees. Should you be selected to attend in person, you will receive additional information and requirements that HackerOne has in place for the event. 

We hope to be able to see you at an event this year and beyond!!!  Thank you for being an amazing Community!

#togetherwehitharder

Happy Hacking!

Jessica Sexton and Caitlin Allison

 

Revision: 6.28.2022 to provide additional clarity on CoC reviews


 

The Ultimate Guide to Managing Ethical and Security Risks in AI

AI Ebook