While this may still seem unbelievable, HackerOne, the leading hacker-powered security platform, today revealed the outcome of a Live Hacking event which they held in London early in June.
For the third consecutive year, Uber has partnered with HackerOne to bring in over 50 proven bug bounty hackers from all across the globe to thoroughly search for lapses in security. They were to do this for a chance at earning money; a range of $500 to $50,000 for every valid finding. These awards, referred to as “bounties” were paid upfront in the course the 8-hour engagement; letting hackers earn up to $375,000 for their contributions to safety.
Bug Bounty Manager at Uber, Lindsey Glovin, reported that working hand-in-hand with hackers to identify and solve vulnerabilities is an essential part of Uber’s current commitment to safety, including the security of their products. Lindsey said that their relationship with the research community is crucial to the successful outcome of their bug bounty program and live hacking events provide them with the chance to thank them in-person and at the same time increase the value they add to Uber’s security efforts.
British hacker, Tomnomnom, who received the award for the Most Valuable Hacker of the event said that it was indeed an amazing day. He spoke on how the findings, the atmosphere, and mostly the people (the entire community) is the most supportive and welcoming he was ever fortunate to be amongst.
Uber started up its public bug bounty program in March 2016 and up till now, Uber has worked with over 600 proven hackers to uncover more than 1,100 security weaknesses, enhancing the safety of Uber’s platform. Through the duration of the one day live hacking event, 150 bugs were noted and triaged by Uber, summing up both immediate security improvements as well as valuable feedback for their current secure software development lifecycle program.
For the very first time in London, HackerOne was the host for a mentoring track in during the Live Hacking event to tutor potential hackers to not security weaknesses. HackerOne has a commitment to nurture and grow the varience of its hacker community, and support potential hackers is an invaluable component in reaching this feat.
Laurie Mercer, HackerOne Security Engineering Lead reported how essential it is to note and build diverse new hacker talent. The mentoring track assists them support the future generation of hackers to attempt their bug hunting skills, as well as provide individualized one training and on-site mentoring to assist in introducing less experienced hackers to the common tools and techniques. Laurie reported that this year is the first time which a mentee has found up to two bugs; confirming that starters with a fresh pair of eyes can amount to a big difference.
The next live hacking event by HackerOne will be held in Las Vegas, USA from the 8th to 10th of August.