Home / News / Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program

Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program

The U.S. Army received 118 valid vulnerability reports from participants involved in the the service branch’s bug bounty program that ran from Nov. 30 to Dec. 21, 2016.

HackerOne said Friday Hack the Army engaged 371 eligible participants including 25 government employees and 17 military personnel.

Participants sent 416 vulnerability reports and the first was submitted within five minutes after the program started, the company added.

HackerOne has paid hackers a total of $100,000 in bounties to date.

One participant found a pair of security flaws that opened direct access from the GoArmy.com recruitment website to a restricted Defense Department network, Federal News Radio reported Monday.

The Army said its cyber command worked to address the security problem as soon as participants discovered and reported the vulnerability, Jared Serbu wrote.

“That’s exactly the type of finding that shows the value of having human intelligence applied to this problem,” Alex Rice, HackerOne chief technology officer and co-founder, told the publication.

The Army partnered with HackerOne in November 2016 to launch the bug bounty program which serves as the first of a series of challenges that DoD plans to host after the Hack the Pentagon bug bounty pilot.

Check Also

CISA Issues Warning on Email Phishing Attacks

The Cybersecurity and Infrastructure Security Agency is urging the public to be cautious of emails that look similar to National Cyber Awareness System notifications and contain malicious threats. CISA said Tuesday that the email phishing scam deploys a spoofed email address and tricks users into downloading malware through attachments that mimic Department of Homeland Security alerts.

Leave a Reply

Your email address will not be published. Required fields are marked *