I have discussed many times the importance and the numerous advantages of a bug bounty program.
Bug bounties are very popular initiatives among white-hat communities and major companies, including Facebook, Google, and Microsoft. Facebook, for example, announced that it has paid more than $3 million since 2011, when its bug bounty program was launched.
A year ago the Pentagon launched the ‘Hack the Pentagon’ initiative, the first-ever program of its kind, which aims to test the resilience of US defenses to cyber attacks.
The news of the day is that the United States Air Force has announced the ‘Hack the Air Force’ bug bounty program to test the security of its networks and computer systems.
The initiative, called ‘Hack the Air Force’, was announced yesterday by the US Air Force via a Facebook live stream and is operated by HackerOne.
White-hat hackers are invited to participate in the programme to find security vulnerabilities affecting systems exposed on the Internet by the US Air Force.
The US Government will pay for any bug discovered under the ‘Hack the Air Force’ initiative.
“We have millions of probes a day, a week, on our DoD systems quite frankly. These are probably people out there, around the world, who particularly aren’t friendly with the Department of Defense. And they generally don’t tell us what’s wrong with our systems until we find out that something’s been hacked. And so I want to turn that around. I want to know beforehand where our vulnerabilities are. I know we have vulnerabilities, and I want to know where those are in the United States Air Force.” said Chief Information Security Officer Peter Kim.
Kim highlighted the importance of an external security assessment of US Air Force systems; it is essential to discover vulnerabilities before threat actors do, and bug bounty initiatives are very useful in this sense.
Researchers and white-hat hackers who want to participate in the challenge will need to register on the HackerOne website; the operators behind the platform will then make the necessary checks before granting access to the programme.
Military members and government civilians are not eligible for compensation, but they can participate on-duty with supervisor approval.
Registration for Hack the Air Force is scheduled to begin May 15th and is open to United States, UK, Australian, New Zealand, and Canadian citizens. These states belong to the so-called Five Eyes intelligence alliance. The Hack the Air Force bug bounty program will run from May 30 to June 23.
Experts believe the US Government and the US Air Force may run other bug bounty initiatives in the future.
At the time of writing, there is no news about the total amount of money reserved for the initiative. The DoD’s Hack the Pentagon initiative paid $75,000 in bounties, and the Department of Defense has in the past offered bounty payments of up to $150,000 for hackers who discover security vulnerabilities.
Security Affairs – (Hack the Pentagon, cyber security)