Event Format + Logistics
How many people are coming?
Approximately 100 hackers and staffers will be in attendance.
Can I bring a friend to hack with me?
Can you invite X person? They missed the signup time.
No. The participants list was closed as of September 10th. The participation seats were carefully considered, and many opportunities were made available to ensure as broad an audience could join as possible. We encourage you and your friend to both apply for future Project Circuit Breaker events together.
Why do this in Lisbon?
The event planning team explored hosting the event in a variety of locations all over the world. Some factors that went into the decision included event management costs and ease of access for researchers and event staff (visas, travel time, time zone adjustments, etc).
Are people allowed to participate remotely?
No. We have designed this as an in-person event. If an emergency comes up (e.g. ill during departure day, visa issues, etc.), the Bug Bounty Team will review each case individually.
The event starts on October 6th, does that mean we can start submitting reports before arriving on-site?
Yes, as soon as we announce the target during the kickoff call, submissions will be open.
Will there be a dupe window?
Yes there will be a dupe window and the details will be announced during the kickoff call. There will be bounty splitting.
This is my first time attending a “live hacking event”, is there a brief info on what all happens during these events?
Are we supposed to do all the hacking offline at home? Isn’t a bit against the spirit of onsite live hacking events?
This event will follow the standard live hacking event: about 2 weeks online followed by a few days on-site. A detailed schedule is provided in the Rules of Engagement document and will be discussed during the kickoff call. Submissions open on the 6th and close on the 21st. The first 11 days of the event (Oct 6 – Oct 17) will include lots of content provided and hosted by Intel. Then, we have allotted approx. 36 hours for travel time, followed by 3 on-site days (Oct 19 – 21). On the 19th and 20th everyone is welcome to explore the hotel and surrounding area, and are encouraged to collaborate and make the most of the time and co-location with each other and the Intel and Intigriti team members. Additionally, we will be providing a variety of meal and social gatherings/activities during these on-site days. On October 21st, everyone will gather for the big finale day which will culminate in show & tell presentations and awards.
Has the transport to and from the airport been figured out, or is that something we figure out on an individual basis?
Transportation to and from the airport and all activities will be arranged for you. The hotel is close to the airport and there are a variety of ways to get between the two. When you arrive at the airport, look for an Intigriti employee who will help you get to the hotel. A detailed itinerary and instructions will be available closer to the event.
How will vulnerability scoring be handled?
We will be scoring on CVSS 3.1, as stated in the Program Terms. The Intigriti Triage team will be the first team to review and set a score. The Bug Bounty team and product team will also review the vulnerability and provide input to set the score. We urge hackers to submit your reports with a CVSS vector and include justification for the vector components to assist in that determination process. Intel will be the final decision maker on vulnerability scoring.