The U.S. Department of Defense (DoD) recently concluded the fourth edition of its venerated bug bounty program, “Hack the Air Force 4.0.”, which was intended to discover and disclose vulnerabilities within the Air Force Virtual Data Center. The four-week-long event, ran from October 23 to November 20, 2019, was jointly created by the DoD, the Defense Digital Service, and vulnerability disclosure company HackerOne. Around 60 ethical hackers reported over 460 vulnerabilities and earned more than $290,000 in the bounty challenge.
The bounty program also featured a specific asset from the U.K. Ministry of Defense, and gave hackers a chance to collaborate with peers and military personnel to discover vulnerabilities in the Virtual Data Center.
HackerOne has performed multiple hacking events with the U.S. government authorities. Earlier, HackerOne jointly ran a bug bounty program dubbed “Hack the Marine Corps”, a challenge focused on the Corps’ public-facing websites and services, with the DoD at the annual Black Hat and DEF CON conferences. The nine-hour program paid out $80,000 in prizes to the researchers for discovering 75 unique vulnerabilities. The researchers were also allowed to report flaws they discovered through the HackerOne-managed Marine Corps vulnerability disclosure program.
In a related development, the DoD, in 2018, launched the Hack the Pentagon hacker-powered security program to address security issues faced by the government bodies. The ethical hackers of the security program successfully resolved over 12,000 vulnerabilities.