The U.S. Defense Department, along with bug bounty platform HackerOne, presented the results of the third bug bounty program Hack the Air Force.
The program started on October 19 and lasted more than four weeks, it finished on November 22.
Hack the Air Force 3.0 was announced as the largest bug bounty program run by the U.S. government to date, nearly 30 white hat hackers took part in the contest.
The U.S. Defense Department revealed that the participants discovered more than 120 vulnerabilities and they earned over $130,000.
The minimum payout for this challenge was $5,000 for critical vulnerabilities.
“It’s critical to allow these researchers to uncover vulnerabilities in Air Force websites and systems, which ultimately strengthens our cybersecurity posture and decreases our vulnerability surface area,” said Capt. James “JT” Thomas, Air Force Digital Services.
“By opening up these types of challenges to more countries and individuals, we get a wide range of talent and experience we would normally not have access to in order to harden out networks.”
Previous Hack the Air Force challenges paid out roughly $130,000 in the first edition and over $100,000 in the second challenge. Over 430 unique security flaws have been fixed as a result of these events.
The first Hack the Air Force bug bounty program was launched by the United States Air Force in April 2017 to test the security of its the networks and computer systems.
The program allowed to discover over 200 valid vulnerabilities, researchers received more than $130,000. On February 2018, HackerOne announced the results of the second round for U.S. Air Force bug bounty program, Hack the Air Force 2.0.. The US Government paid more than $100,000 for over 100 reported vulnerabilities.
(SecurityAffairs – Hack the Air Force, bug bounty)