Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program

The U.S. Army received 118 valid vulnerability reports from participants involved in the the service branch’s bug bounty program that ran from Nov. 30 to Dec. 21, 2016.

HackerOne said Friday Hack the Army engaged 371 eligible participants including 25 government employees and 17 military personnel.

Participants sent 416 vulnerability reports and the first was submitted within five minutes after the program started, the company added.

HackerOne has paid hackers a total of $100,000 in bounties to date.

One participant found a pair of security flaws that opened direct access from the GoArmy.com recruitment website to a restricted Defense Department network, Federal News Radio reported Monday.

The Army said its cyber command worked to address the security problem as soon as participants discovered and reported the vulnerability, Jared Serbu wrote.

“That’s exactly the type of finding that shows the value of having human intelligence applied to this problem,” Alex Rice, HackerOne chief technology officer and co-founder, told the publication.

The Army partnered with HackerOne in November 2016 to launch the bug bounty program which serves as the first of a series of challenges that DoD plans to host after the Hack the Pentagon bug bounty pilot.

Check Also

Jupiter Asteroids

NASA Confirms Integration Schedule of Lucy Asteroid Probe Mission

NASA has concluded the systems integration review of a space probe mission that will explore Jupiter's Trojan asteroids, verifying the spacecraft's components for integration. The review evaluated the integration schedule of the Lucy spacecraft's subsystems, electrical components, scientific instruments, navigation systems and communications.

Leave a Reply

Your email address will not be published. Required fields are marked *