White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program

[LASER_oneXM]

The inaugural Air Force bug bounty program involved 272 vetted hackers, who submitted 207 valid flaws in 24 days.

The Department of Defense (DoD) let white-hat hackers take aim at the U.S. Air Force in its latest, largest, and most successful federal bug bounty program. "Hack the Air Force" resulted in 207 valid vulnerabilities disclosed and more than $130,000 in awards to participants.

This is the third time HackerOne and the DoD have partnered on a program in which hackers are invited to hunt vulnerabilities in government networks. Earlier initiatives included Hack the Pentagon and Hack the Army, which resulted in 138 and 118 valid bugs, respectively.

Hack the Air Force was announced in April 2017 and ran from May 30 through June 23. In 24 days, hackers dug through public-facing domains for security flaws. The first vulnerability was reported in less than one minute, and 23 were submitted in the first 24 hours.

Nine of the 207 valid bugs they discovered were of high or critical severity, says HackerOne CEO Marten Mickos.

The program involved 272 vetted hackers representing a range of ages, professional backgrounds, and nationalities. Two participants were active duty military personnel and 33 were not from the United States - a first for this type of program. The Pentagon invited participants from outside countries including the UK, Canada, Australia, and New Zealand.