
Air Force widens military bug bounty program

The Air Force has announced its bug bounty program, opening some of its key public websites to white hat hackers from "Five Eyes" nations: the U.S. plus United Kingdom, Canada, Australia and New Zealand.



"We have malicious hackers trying to get into our systems every day," said Air Force Chief Information Security Officer Peter Kim at the kickoff event held at the headquarters of HackerOne, which is running the competition. "It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture," he said.

The Hack the Pentagon competition in the spring of 2016 attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved, and hackers received $75,000 of prize money in return.

In late 2016, the Army advanced the concept by allowing hackers into public-facing recruiting sites containing dynamic data. In that competition, 371 participants filed more than 400 vulnerability reports, 118 of which were actionable.

That competition also opened the door to active military and government workers, as will the Hack the Air Force competition -- though they are not eligible to collect prize money.

Registration for Hack the Air Force opens on May 15.

This article was first posted to FCW, a sister site to GCN.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.
