Live Hacking Rules of Engagement

Live Hacking Event participants must strictly comply with all confidentiality guidelines, requirements and obligations related to the HackerOne Programs in which they participate. These guidelines apply to vulnerability information, customer information, policy or scope details, bugs, account information, or any other Program-specific information.

If the sponsoring customer requires an additional NDA or other contractual agreement for your participation in a Live Hacking Event, it is fundamental to respect these signed documents and comply with their requirements. Disclosing information in violation of confidentiality guidelines and/or applicable NDAs/contracts is strictly prohibited. Failing to comply will be a breach of your obligations to the customer and could result in direct action against you.

You must adhere to HackerOne Disclosure Guidelines available at the Disclosure Guidelines for all live hacking events.

Recording of any aspect of the event, without explicit approval, is not permitted for live hacking events. Show & Tell in any capacity is strictly prohibited.

Social Media guidelines specific to the event will be outlined in event documentation and must be adhered to.

Slack, the HackerOne platform, customer calls, and in-person communication are all used during the course of live hacking events. Through all communication channels, you should be responsive, professional, and respectful to customers, each other and HackerOne teams.

Discussing the details of vulnerabilities outside of the official channels is insecure and can result in sanctions or penalties against your H1 account.

Collaboration is a key element of live hacking events.

You will be working with other hackers, customers and HackerOne staff from different backgrounds, locations, and cultures. Be respectful to your peers and expect them to be respectful in return. Be open minded and do your best to win as a team.

As a participant in the event, you are expected to participate in all aspects of the event including ancillary activities and actively participating in the event’s program.

If a disagreement occurs, please use the proper communication channels and report any incidents to HackerOne-CodeofConduct@hackerone.com

Live Hacking Events occur globally. As a participant in the event, you must adhere to all local laws and location requirements while participating in the event. This includes travel, time at hotel, onsite at venues, and at any ancillary events.

Live Hacking Events have unique gamification elements: duplicate windows with special bounty splits, team collaboration and awards, challenges, qualifying CTFs and much more which could contain potential loopholes that could be exploited in ways that impede the spirit of the event. We require that you respect these benefits to continue to receive LHE invites.

There will be some situations in which you will know the targets for the live hacking event in advance of receiving the event invitation; in which you may elect to do pre-event recon for that program. We expect for you to be cognizant of traffic volume during the window. If you have access to the parent program, please review that policy and ensure you are following it for pre-event recon purposes. Failure to do so will result in a first warning.

If any of the provisions of these Rules of Engagement are held invalid or unenforceable by a court, or other legal proceeding, the remaining terms will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law. These HackerOne Live Event RoEs, together with the Finder Terms and conditions, constitute the complete and exclusive understanding and agreement between us with respect to your participation in HackerOne Live Event Programs, and supersedes all prior understandings and agreements, whether written or oral, with respect to HackerOne Live Event Programs. If there is any conflict between the Finder Terms and Conditions and these HackerOne Live Event RoEs, these HackerOne Live Event RoEs will control. Any waiver, modification or amendment of any provision of these HackerOne Clear RoEs will be effective only if in writing and signed by HackerOne. These HackerOne Live Event RoEs may be executed in counterparts, each of which will be deemed an original, and all of which together will constitute one and the same instrument, and may be executed digitally through digital signature or online acceptance. The exchange of a fully executed document (in counterparts or otherwise) by facsimile signature or by other electronic means, such as by portable document format (.pdf) file, shall be sufficient to bind you to these terms.

Finders

This refers to the individual bug hunter that is performing security testing and reporting vulnerabilities on HackerOne’s platform.

Report details

Data in a report that includes payloads, custom built modules/tools, custom built scripts, or anything that could be considered unique or proprietary to the program or the report itself.