RHoKsec stands for Random Hacks of Kindness (Cyber) Security. This hackathon series is devoted to improving the security of humanitarian open source technology and to creating tools that support personal security and privacy.
RHoKsec Hackathon Methodology
The RHoKsec hackathon model differs from the ordinary hackathon model. The focus is not necessarily on creating new technology, but instead on testing, code review, and fixing bugs in existing civic and humanitarian technology projects. As such, the RHoKsec model includes the following types of activities:
Lab-based testing of existing projects
Security-focused code review
Bug fixing teams
Challenges to create new security software, or to create new features in existing open source security software.
Development of educational materials to support better security knowledge across disciplines (system and network administrators, programmers, management, professional end users, children, and families)
The product of the first two of these challenge areas is not software, but rather a report of findings. The RHoKsec organizers provide a findings report template for the teams. Security vulnerabilities are described in the reports, with recommendations for fixes where appropriate. At the end of the event, the reports will be encrypted with PGP and sent to a representative of the project development team. Teams are also encouraged to post bugs to the project’s bug tracking system as long as reporting will not present a security threat. Challenges may also be submitted to meet specific security needs in hardware, software or education.
Requirements to be a RHoKsec project
New projects submitted must meet the following criteria (all previous RHoK projects automatically qualify):
The project must have a broadly humanitarian use or application (civic engagement, disaster response, medical, environmental, educational, etc.)
The code should be open and freely available, distributed under one of the licenses listed at http://opensource.org/licenses or another license which meets the criteria in the Open Source Definition at http://opensource.org/osd
The project should have an active developer or development team to report to.
The definition has been left deliberately broad in order to allow for maximum engagement and to encourage commercial enterprises to participate. The project must have a supported existence outside of the event in order to ensure that identified problems can be addressed.
In 2013, a team of RHoK volunteers in Scotland developed a new variety of hackathon to address the security needs of humanitarian projects that were being developed and deployed in the rest of the RHoK community. This new type of event was intended to give cybersecurity students, professionals and enthusiasts an opportunity to practice the skills they were learning while providing a valuable service to projects in support of humanitarian work. The first RHoKsec was held in Glasgow, Scotland in September of 2013.
Opportunities for Sponsors
RHoKsec provides valuable opportunities for sponsors who would like to support improved security awareness among developers, users of their products, and the general public. In addition to the usual branding visibility opportunities such as logos on t-shirts, banners in the event space, and brand-specific prizes, sponsors can present challenges to test or improve existing open source projects or to create new security-focused tools using their software and/or APIs.