Program invites hackers to discover and disclose vulnerabilities in 60+ publicly accessible government web assets
SAN FRANCISCO--October 10--Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and bug bounty platform, today announced the launch of the Department’s ninth bug bounty program and second Army program, ‘Hack the Army,’ with HackerOne. The bug bounty challenge will include more than 60 publicly accessible web assets in order to enhance the safety and security of these systems through crowdsourced security testing by an army of ethical hackers. The four-week challenge will run from October 9 to November 8, 2019.
With the start of this ninth bug bounty initiative with the DoD, HackerOne has launched more federal programs than any other hacker-powered security provider, starting with ‘Hack the Pentagon’ in 2016. Previous bug bounty challenges and results include: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Air Force 3.0 and Hack the Marine Corps. The first Hack the Army challenge resulted in 118 unique and valid vulnerabilities, with the first being reported within five minutes of program launch, and $100,000 was awarded in monetary rewards or “bounties” given to hackers for their findings. Nearly 400 hackers from around the world participated in this challenge, including government employees and military personnel.
“It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Alex Romero, Digital Service Expert at Department of Defense Digital Service. “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne Challenge allows us to continue to harden the Army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”
“I am looking forward to Hack the Army 2.0, another iteration of this important program led by Defense Digital Service. The Army has partnered with them on bug bounties several times in the past, always with positive results,” said LTG Stephen Fogarty, Army Cyber Command Commanding General. “Opening up the Army’s cyber terrain to the hacker community is exactly the type of outside-the-box, partnership approach we need to take to rapidly harden and better defend our most foundational weapons system: the Army network.”
When the Department of Defense and HackerOne began ‘Hack the Pentagon’ in 2016, it sparked the adoption of hacker-powered security programs within government agencies across the globe. Forward-thinking world leaders such as the European Commission and the Singapore Ministry of Defence have launched hacker-powered security programs, resulting in 214% industry-wide growth on HackerOne, a rate faster than any other industry. With this surge in adoption, policymakers across the globe are recommending hacker-powered security, with some even introducing legislation to make bug bounty programs an industry standard.
“Powered by the Defense Digital Service, the DoD has established the most iterative and effective approach to cybersecurity in the modern era,” said Marten Mickos, CEO at HackerOne. “Every initiative serves as an example to private and public sector organizations worldwide when it comes to strengthening cybersecurity posture. Over the past three years, our hackers have helped the DoD find and resolve more than 10,000 vulnerabilities, and we are excited to bring this new challenge to the uniquely talented hacker army up for the task.”
Participation in the bug bounty challenge is open to individuals invited by HackerOne and active U.S. military members and government civilians. The top three U.S.-based hackers and military personnel will have the opportunity to participate in a team competition and awards ceremony at the conclusion of the challenge.
For more information on the previous Hack the Army program and results, please visit: https://www.hackerone.com/blog/Hack-The-Army-Results-Are-In