Getting Engineers Thinking Like Hackers
Hackathons are short, time-bound events (typically 1–2 weeks) bringing together product and security experts. Each uses their expertise to find security vulnerabilities within the product through all legitimate means available, to complement a structured security evaluation:
- Security experts provide guidance on a security-driven mindset and knowledge about how to break systems. This why Intel refers to this process internally as “thinking like a hacker by breaking what we build.”
- Product experts provide intimate knowledge about the inner workings of the specific target product.
Goals of Conducting a Hackathon
- Improve product security through security findings and mitigation and architecture/design hardening.
- Increase security know-how and build an extensive community of practice through immersive, hands-on security experience.
- Improve security tools and training by driving key learning (technical and process) and application of tools back to product teams as well as security governance, tools, and Security Development Academy teams.
Intel hackathons show high efficiency in identifying and addressing security issues in target products. We follow a closed-loop learning approach, meaning anything discovered is rolled into current and future products.
It’s common for researchers to identify and recommend architecture changes or security countermeasures that aren’t supported in the product being evaluated. These suggestions are reviewed by the product team as part of post hackathon actions to update and improve next generation products. Post-hackathon review of the reported vulnerabilities can identify a specific feature or type of vulnerability that isn’t being detected during the regular security validation process. Security researchers often recommend testing tools or methodology that the product team should adopt to be able identify such issues.
Thus, hackathons drive long-term improvements in product architecture and identifying issues with security validation done on the products.