September 1, 2020

H1-2010 How We Got Here

Note: Verizon Media is now known as Yahoo.

7 posters

H1-2010: How We Got Here

The Paranoids’ bug bounty team is so excited to open up about this brand new event format. In some ways, you could say that we have been working towards this moment, this specific event, since November 2017. 

At that time, our multiple bug bounty programs began the process of integrating all the disparate pieces down to one platform, operated by one team of analysts. Almost two years later, we began planning specifically for our September 2020 live hacking event series in July 2019 and at that point it had a wildly different look to it (no spoilers!). However, when the global COVID-19 situation began affecting our company directly, we had a conversation on the curb outside of H1-415-2020 that altered the course of our entire year; with an on-the-spot team vote, travel was canceled for 2020 and so began our creative process to morph the epic plans we had into what we now see as their virtual counterparts. 

As we executed the plans for our H1-2004 virtual event, designs and concepts that worked in the virtual format were kept, and some things that didn’t work as well were left on the cutting room floor; there was one thing though, one huge thing we set in the center of this event design and made sure that every decision we make works to bolster this single core idea: inclusion.

You see, H1-2004 was originally designed as a physical live hacking event because there were physical limitations in place on the side of Verizon Media and The Paranoids. We had a limited number of test accounts, and to access them you needed to be located within certain geographical boundaries; perfect for a classic live hacking event format. In the six weeks leading up to the event, we worked with our amazing product engineers to develop workarounds, but they needed to be closely monitored and could not be deployed securely at the scale required for a worldwide event. Though we were happy to change the event into a virtual format, we could not lift the participation restrictions at all. And, as we expected, because we announced the event format change and our “Hacker of the Day” shout outs on Twitter, the most memorable responses we received looked like this:

Well, we heard you! That sentiment fed directly into the planning process for this event morphing it again from the plans we began developing in 2019. 

This time you are invited. You, the one reading this, and your best friend, and that stranger that you saw driving the other way yesterday. Everyone in the world is invited* to participate in this event. Register Here.
*Applies to the H1-2010-Open event only, if you register, then you can participate.

All Together Now

We know that all our hackers who knew our program were super talented, and that led to the theory that when we push them to work together, they could collectively produce more & better results; that is a major proposition of the live hacking event formula, and we thought we could ratchet it up to 11. In November 2018, we pioneered the idea of Teams hacking together with our H1-212 (New York) event where we invited our top 32 hackers from the history of our program (2013 - 2018) into a 3-day, 8-team live hacking gauntlet. The results showed us, but more importantly, it showed the hackers, “Yes! Collaboration is in everyone’s best interest!” There were some basic features needed on the HackerOne platform that were piloted for the event, and HackerOne went back to polish it all later, which is now called Collaborators on the platform.  Almost two years later, we still see hackers collaborating with each other, some of whom have formed deep and lasting relationships, and even gone as far as to define a team charter for what and how they work together.

We are about to begin what is possibly the largest and most ambitious live hacking event ever.  It is so big, we are actually treating it as three separate events, each with invitation criteria, exclusive swag, awards, community events, and of course, unique scope. We wanted to make sure that you get significant progression in challenge, accomplishment, and prestige as you work through each event in the series, culminating in the crowning of a World Champion (ring included) of the Verizon Media bug bounty program. 

To everyone who has participated in our bug bounty program,
THANK YOU and keep it up!
-- The Paranoids