Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program

blankThe U.S. Army received 118 valid vulnerability reports from participants involved in the the service branch’s bug bounty program that ran from Nov. 30 to Dec. 21, 2016.

HackerOne said Friday Hack the Army engaged 371 eligible participants including 25 government employees and 17 military personnel.

Participants sent 416 vulnerability reports and the first was submitted within five minutes after the program started, the company added.

HackerOne has paid hackers a total of $100,000 in bounties to date.

One participant found a pair of security flaws that opened direct access from the GoArmy.com recruitment website to a restricted Defense Department network, Federal News Radio reported Monday.

The Army said its cyber command worked to address the security problem as soon as participants discovered and reported the vulnerability, Jared Serbu wrote.

“That’s exactly the type of finding that shows the value of having human intelligence applied to this problem,” Alex Rice, HackerOne chief technology officer and co-founder, told the publication.

The Army partnered with HackerOne in November 2016 to launch the bug bounty program which serves as the first of a series of challenges that DoD plans to host after the Hack the Pentagon bug bounty pilot.

You may also be interested in...

Lt. Gen. Shaun Morris

Lt. Gen. Shaun Morris on AFLCMC’s Push for 5G, Digital Engineering Efforts

 Lt. Gen. Shaun Morris, commander of the Air Force Life Cycle Management Center (AFLCMC), said in a recent address that the center has invested significantly in technologies like 5G to help promote efficiency across military bases. “As an Air Force, I think it is important to capitalize off what we’ve done and not lose sight of these investments,” said Morris.

Leave a Reply

Your email address will not be published. Required fields are marked *