Hackathons
Getting Engineers Thinking Like Hackers
Hackathons are short, time-bound events (typically 1–2 weeks) bringing together product and security experts. Each uses their expertise to find security vulnerabilities within the product through all legitimate means available, to complement a structured security evaluation:
- Security experts provide guidance on a security-driven mindset and knowledge about how to break systems. This is why Intel refers to this process internally as “thinking like a hacker by breaking what we build.”
- Product experts provide intimate knowledge about the inner workings of the specific target product.
Goals of Conducting a Hackathon
- Improve product security through security findings and mitigation and architecture/design hardening.
- Increase security know-how and build an extensive community of practice through immersive, hands-on security experience.
- Improve security tools and training by driving key learning (technical and process) and application of tools back to product teams as well as security governance, tools, and Security Development Academy teams.
Results
Intel hackathons show high efficiency in identifying and addressing security issues in target products. We follow a closed-loop learning approach, meaning anything discovered is rolled into current and future products.
It’s common for researchers to identify and recommend architecture changes or security countermeasures that aren’t supported in the product being evaluated. These suggestions are reviewed by the product team as part of post-hackathon actions to update and improve next-generation products. Post-hackathon review of the reported vulnerabilities can identify a specific feature or type of vulnerability that isn’t being detected during the regular security validation process. Security researchers often recommend testing tools or methodology that the product team should adopt to be able to identify such issues.
Thus, hackathons drive long-term improvements in product architecture and help identify issues with the security validation done on the products.