Pentagon Launches “Hack the Air Force” Bug Bounty Program

Following the good success of the “Hack the Army” and “Hack the Pentagon” initiatives, the U.S. DOD (Department of Defense) now announced the launch of the “Hack the Air Force” a new bug bounty program.

The “Hack the Air Force” will be Pentagon’s largest bug bounty project because as it is open to experts not only from the United States but also from Five Eyes countries. This includes the United Kingdom, Australia, Canada and New Zealand.

This program is run on the HackerOne platform and aims to help the Air Force strengthen their critical assets. The White hat hackers who report the vulnerabilities will be eligible for the monetary rewards, but exact amounts are not yet specified.

Only the vetted researchers can register. Military members and government civilians can also participate, but they’ll not earn any rewards.

“This is the first time AF has opened up their networks to such a broad scrutiny,” said Peter Kim, the Air Force Chief Information Security Officer. “We have many malicious hackers trying to get into our systems each and every day. It will be nice to have a group of friendly hackers taking a shot and, showing us how to improve our cybersecurity and our defence posture. The additional participation from our partner nations greatly widens the variety of experience available to find the additional unique vulnerabilities.”

Registration for the “Hack the Air Force” opens on this May 15. The event will take place from May 30 to June 23.

A total of 371 people have registered for the Hack the Army program conducted previously. They have submitted 416 vulnerability reports, 118 of which were classified as unique and actionable. Participants were awarded roughly $100,000.

Hack the Pentagon received 138 valid submissions and it cost the U.S. government $150,000, half of which went to participants.

source: securityweek

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers