Hack the Air Force concludes reporting 207 resolved vulnerabilities
SAN FRANCISCO. HackerOne officials released the results of the Hack the Air Force bug bounty program. White-hat hackers found 207 valid vulnerabilities and more than $130,000 in bounties where awarded. This is the first time that the bounty challenge was open to international hackers, which welcomed participants from United Kingdom, Canada, Australia, and New Zealand.
Hack the Air Force follows two previous bug bounty challenge partnerships with the Department of Defense (DoD) that include Hack the Pentagon and Hack the Army. The Hack the Air Force challenge ran for 24 days from May 30, 2017 through June 23, 2017. It engaged 272 vetted hackers to scour its public-facing IT domains for security vulnerabilities, awarding financial incentives between $100 and $5,000 per valid vulnerability reported.
Two participants in the program were active duty military personnel and 33 participants came from outside the United States. Top participating hackers were under 20 years old, including a 17-year-old who submitted 30 valid reports and earned the largest bounty sum during the duration of the challenge.
The diverse pool of Hack the Air Force participants contributed to the program’s success and unprecedented results. With 207 valid vulnerabilities disclosed, Hack the Air Force was the DoD’s most successful bug bounty program to date, officials say. The first vulnerability was reported in less than one minute. Within the first 24 hours, 23 valid reports were submitted. The first federal bug bounty program, Hack the Pentagon, resulted in 138 valid vulnerability reports and the second program, Hack the Army, culminated in 118 valid reports.
While the Hack the Air Force challenge is now closed, any hackers who become aware of vulnerabilities can disclose them to the DoD through its ongoing vulnerability disclosure program on HackerOne.
Read more on cybersecurity:
U.S. Army Research Lab grants ICF $93 million to handle defensive cybersecurity operations
Establishing a root of trust: Trusted computing and Intel-based systems
Researchers discover burstiness and strong memory combination in cyber intrusions