The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform.
The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along with the U.S. Department of Defense (DoD) paid more than $275,000 in rewards and a total of 146 valid vulnerabilities were reported.
The previous edition of the bug bounty program saw the participation of the 52 white hat hackers. US army asked participants to test more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website.
Now the US government announced that Hack the Army 3.0 that takes place between January 6 and February 17.
“Bug bounty programs are a unique and effective ‘force multiplier’ for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals,” said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. “By ‘crowdsourcing’ solutions with the help of the world’s best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs.”
“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”
The initiative continues to be operated by the Defense Digital Service (DDS) that will invite a selected number of military and civilian white hat hackers.
According to the program policy, only civilian participants are eligible for bug bounties.
“We are living in a different world today than even just a year ago,” said Marten Mickos, CEO of HackerOne. “Amidst disinformation and a global health crisis, citizens are increasingly wary of how, when, and where their information is used. For years, the U.S. Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the U.S. Army is leading the charge with this latest challenge.”
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, bug bounty)