Military and civilian security researchers discovered 238 vulnerabilities across a range of two applications during the third iteration of Hack the Army, a challenge of the Defense Digital Service (DDS) and the U.S. Army.
Of those vulnerabilities, 102 were designated critical threats that require immediate remediation, HackerOne said Thursday. The Army and DDS awarded over $150,000 in bug bounties to civilian hackers during the six-week Hack the Army 3.0 challenge that started in Jan. 2021.
Maya Kuang, Army product manager at DDS, told HackerOne in an interview that the rise in identified vulnerabilities during the challenge could be looked at as an increase in the testing surface and could be attributed to two factors.
“One factor is that the hacker community is pushing the boundaries of what we know in cybersecurity on every engagement and do not hesitate to test out different processes. The other factor on our side when we work with internal partners is the increased understanding of the vetted, crowdsourced testing model and the receptiveness toward it,” Kuang said.
Johann Wallace, compliance division chief at Army Network Enterprise Technology Command (NETCOM), cited the advantages to the service branch of conducting Hack the Army.
“Hack the Army does a tremendous job of exposing content and coding errors that our normal compliance-based scanning had overlooked. Just because a system is patched doesn’t mean that it’s secure, and an engagement like Hack the Army allows us to leverage additional subject-matter expertise to look at more assets faster than we do with our internal vulnerability assessment teams alone,” Wallace said.