By: Kara Mahoney
This year’s Hack the World competition is complete! Between October 18th and November 18th, we received 43 reports from 16 unique researchers as participants competed to improve our security and earn a top spot on the leaderboard. Thank you to all who contributed! We’ve been hard at work on triage and resolution.
As announced, we’re awarding the top report double its bounty (up to $5000), and the two honorable mentions will take home $1000 bonuses.
Top Report
The award for top report goes to geeknik for a fascinating data parsing issue in one of our libraries. Additionally, they submitted 20 of the 43 reports we received. Every report was excellent and put a number of our libraries that rarely see HackerOne activity to the test.
Honorable Mentions
Our first honorable mention goes to wangela for outlining a way in which some mobile developers are using our tools without following best security practices. It was detailed, well researched, and initiated some great discussion about how we can further encourage secure use of our tools and improve documentation.
Our second honorable mention goes to sahilsaif for a subdomain takeover that highlighted a very tangled CNAME misconfiguration. They are a regular contributor to our HackerOne program, and we appreciate their continued consideration of our security.
Thanks to all!
Thank you again to the security researchers who participated in this event and kept Mapbox in mind. And, as always, many thanks to the team at HackerOne for organizing great events like this one.
Learn more about our bug bounty program
Sign up on HackerOne and check out our program page for more information.
You can read more about security at Mapbox, our vulnerability disclosure process, and past security bulletins. And don’t forget to check out our jobs page. We’re hiring!
Hack the World retrospective was originally published in Points of interest on Medium.