Nearly 150 security vulnerabilities found during Hack the Marine Corps Bug Bounty Challenge
ARLINGTON, Va. -- The U.S. Department of Defense (DoD) and HackerOne, the leading hacker-powered security platform, announced the results of the DoD’s sixth public bug bounty program.
Over the 20 days of the Marine Corps' bug bounty challenge -- which invited over 100 ethical hackers to test public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN) -- hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team. Hackers whose reported vulnerabilities were validated were awarded a total of more than $150,000 for their contributions.
Tanner Emek, one of the participating hackers, said of the event: “It was great having the opportunity to work side-by-side with the Marines to help secure their assets. These are my favorite types of programs to be a part of, because they allow me to have a massive impact on systems critical to national security.”
Hack the Marine Corps is part of the Hack the Pentagon crowd-sourced security initiative with the DoD’s Defense Digital Service (DDS) and HackerOne, a company that was specially selected by the DoD to run the first Hack the Pentagon program in 2016. More than 800 valid vulnerabilities have been reported through the Hack the Pentagon bug bounty program.
The hacking does not end when the challenge concludes: any hackers who become aware of vulnerabilities in any DoD assets can safely disclose them to the DoD through its ongoing vulnerability disclosure program (VDP) with HackerOne. The DoD launched the VDP in 2016 to provide a legal outlet for security researchers to find and disclose vulnerabilities in any DoD public-facing systems. Since its launch, more than 5,000 valid vulnerabilities have been reported in government systems through the vulnerability disclosure program.