We targeted a few members of the R&D (big shout out to Frederic Boutin) with affinities towards security and met with them to get their input on how we could do this. Their feedback was unanimous we need to press the competitive button in every developer’s mind and have them test their hacking skills on their fellow’s code. Next thing you know, we were all set for Coveo’s first Hack-a-day!
Akin to the format of a hackathon, the security team held a presentation a few days before the big day to showcase a few live demos of hacking exploits and vulnerabilities. There’s nothing better than to put everyone in the “swordfish” state of mind. We got plenty of suggestions, attack strategies, and got to test a few interesting tools. We demystified the whole challenge and ensured that all participants were thrilled about it.
Then on the big day, it was time to become “one-day Hackers” and get our magic going on our own products. The room was packed with all-star developers from all trades (front-end and UI, Back-end services, etc.) that shared the same leitmotiv: Looking for vulnerabilities, exploits or any others issues! What was even more incredible was the way the team came together. We expected to have several teams in competition but after a few hours, we realized it was one large team who worked together and helped each other out! We had a great team lunch, and there was definitely a lot of caffeine (and Theine) involved.
This initiative was a clear success on multiple fronts. We turned a serious matter into a fun, hands-on team building experience. The bond was strengthened between developers and we got to discover the each other’s pieces of code at the same time.
And since I know you’re dying to know… yes we discovered issues and fixed them quickly after! We expected nothing less from our world-class team. A few colleagues I chatted (for the first time) once the Hack-a-day was over and it was evident that our efforts have changed their perception of writing and reviewing code in the future. That’s definitely the outcome we wanted!
We didn’t give away special prizes during the day, but let’s say the biggest perk for the participants is the “get out of the annual security awareness training session” card we handed out to them over a beer at happy hour.
Since it was a big success, we are going to make this an annual event for sure, probably more than once a year! We’ll continue to improve by building some hype and enhancing the format to generate even more participation next time around. We’ll keep you posted on the second edition too!