The United States Air Force launched earlier this week its third bug bounty program, called Hack the Air Force 3.0, in collaboration with HackerOne.
“Thank you for your interest in participating in HackerOne’s U.S. Department of Defense (DoD) “Hack the Air Force 3.0” Bug Bounty challenge.” reads the announcement published by the United States Air Force.
“This is an effort for the U.S. Department of the Air Force to explore new approaches to its security, and to adopt the best practices used by the most successful and secure software companies in the world. By doing so, the U.S. Air Force can ensure its systems and warfighters are as secure as possible.”
The program started on October 19 and will last more than for weeks, its finish is planned for November 22.
Hack the Air Force 3.0 is the largest bug bounty program run by the U.S. government to date, it involves up to 600 researchers.
“Hack the AF 3.0 demonstrates the Air Forces willingness to fix vulnerabilities that present critical risks to the network,” said Wanda Jones-Heath, Air Force chief information security officer.
Participants will have to find vulnerabilities in the Department of Defense applications, 70% of the participants will be selected by the HackerOne reputation system and the remaining will be selected randomly.
The bug bounty is open for U.S. persons as defined by the Internal Revenue Code Section 7701(a)(30), including U.S. Government contractor personnel. The challenge is also open to foreign nationals based on their Government passport, who are not on the U.S. Department of Treasury’s Specially Designated Nationals List, and who are not citizens of China, Russia, Iran, and the Democratic People’s Republic of Korea.
“If you submit a qualifying, validated vulnerability, you may be eligible to receive an award, pending a security and criminal background check. Specific information on payment eligibility will be provided upon acceptance into the challenge.” continues the announcement.
The minimum payout for this challenge is $5,000 for critical vulnerabilities.
The first Hack the Air Force bug bounty program was launched by the United States Air Force in April 2017 to test the security of its the networks and computer systems.
The program allowed to discover over 200 valid vulnerabilities, researchers received more than $130,000. On February 2018, HackerOne announced the results of the second round for U.S. Air Force bug bounty program, Hack the Air Force 2.0.. The US Government paid more than $100,000 for over 100 reported vulnerabilities.
(Security Affairs – Hack the Air Force. bug bounty)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.