Four-week challenge runs until November 8

The US Department of Defense has rolled out a new Hack the Army bug bounty program with HackerOne

The US Department of Defense (DoD) has announced the launch of its second ‘Hack the Army’ security bug bounty program.

Launched in partnership with the Defense Digital Service and HackerOne, the invite-only, four-week program invites hackers to discover and disclose vulnerabilities in more than 60 publicly accessible DoD web assets.

“It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Alex Romero, digital service expert at the DoD Digital Service.

“This latest HackerOne challenge allows us to continue to harden the army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”

Hack one, Hack two

The first Hack the Army challenge from November 2017 resulted in the discovery 118 unique and valid vulnerabilities and $100,000 being awarded in monetary rewards.

Nearly 400 hackers from around the world participated in the first program, including government employees and military personnel.

More widely, the rollout of Hack the Army 2.0 marks HackerOne’s ninth bug bounty initiative with the DoD.

Previous challenges have included Hack the Pentagon, Hack the Air Force, Hack the Defense Travel System, and Hack the Marine Corps.

Federal bounties

News of this latest government-led bug bounty comes on the heels of HackerOne’s 2019 Hacker-Powered Security Report, a benchmark study of the bug bounty and vulnerability disclosure marketplace.

Built through the analysis of 120,000 security vulnerabilities that researchers disclosed to more than 1,400 organizations through HackerOne, the report found that federal bug bounty programs had the strongest year-over-year industry growth, at 214%.

“Opening up the army’s cyber terrain to the hacker community is exactly the type of outside-the-box, partnership approach we need to take to rapidly harden and better defend our most foundational weapons system: the army network,” said LTG Stephen Fogarty, Army Cyber Command Commanding General, of the latest program.

Mårten Mickos, CEO at HackerOne, added: “Over the past three years, our hackers have helped the DoD find and resolve more than 10,000 vulnerabilities, and we are excited to bring this new challenge to the uniquely talented hacker army up for the task.”

Hack the Army 2.0 runs through November 8, 2019.


YOU MIGHT ALSO LIKE Esports gaming skills pave the way for cybersecurity careers