HackerOne, the leading hacker-powered security platform, today announced the results of a Live Hacking event held in London earlier this month. For the third year in a row, Uber partnered with HackerOne to invite more than 50 proven bug bounty hackers from all over the world to hunt for security weaknesses for a chance at earning between $500 to $50,000 for each valid finding. These awards, known as bounties, were paid in real time during the 8-hour engagement, earning hackers $375,000 for their contributions to safety.
“Working with hackers to find and resolve vulnerabilities is an important part of Uber’s ongoing commitment to safety, which includes the security of our products,” said Lindsey Glovin, Bug Bounty Manager at Uber. “Our relationship with the research community is critical to the success of our bug bounty program and live hacking events give us the opportunity to thank them in-person while amplifying the value they contribute to Uber’s security efforts.”
“It truly was an absolutely amazing day,” British hacker Tomnomnom, who won this event’s Most Valuable Hacker award, remarked. “The atmosphere, the findings, and most of all: the people; the whole community is the most welcoming and supportive I’ve ever had the fortune to be a part of. The feeling when I got a big payout and half the people in the room rushed to congratulate me is one that will stay with me for a very long time. And to win the Most Valuable Hacker award on top of that? It’s just indescribable.”
Uber launched its public bug bounty program on March 2016 and to date has worked with more than 600 proven hackers to identify over 1,100 security weaknesses, improving the safety of Uber’s platform. Over the course of the one day live hacking event, 150 bugs were identified and triaged by Uber, adding both immediate security improvements and valuable feedback for their ongoing secure software development lifecycle program.
For the first time in London, HackerOne hosted a mentoring track in during the Live Hacking event to teach aspiring hackers to identify security weaknesses. HackerOne is committed to nurturing and growing the diversity of its hacker community, and supporting aspiring hackers is an invaluable component in achieving this.
“It’s important to us to identify and develop diverse new hacker talent,” said Laurie Mercer, HackerOne Security Engineering Lead. “The mentoring track helps us encourage the next generation of hackers to try their bug hunting skills, and provides one on one training and on-site mentoring to help introduce less experienced hackers to the common tools and techniques. This year is the first time that a mentee has actually found, not one but two, bugs, proving that beginners with a fresh pair of eyes can make a big difference.”
HackerOne’s next live hacking event will be held in Las Vegas, USA on August 8-10.
For more on Uber’s bug bounty program visit: https://hackerone.com/uber
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,400 other organizations have partnered with HackerOne to find over 120,000 vulnerabilities and award over $57M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore.