Air Force widens military bug bounty program
- By Sean D. Carberry
- Apr 27, 2017
The Air Force has announced its bug bounty program, opening some of its key public websites to white hat hackers from "Five Eyes" nations: the U.S. plus United Kingdom, Canada, Australia and New Zealand.
"We have malicious hackers trying to get into our systems every day," said Air Force Chief Information Security Officer Peter Kim at the kickoff event held at the headquarters of HackerOne, which is running the competition. "It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture," he said.
The Hack the Pentagon competition in the spring of 2016 attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved, and hackers received $75,000 of prize money in return.
In late 2016, the Army advanced the concept by allowing hackers into public-facing recruiting sites containing dynamic data. In that competition, 371 participants filed more than 400 vulnerability reports, 118 of which were actionable.
That competition also opened the door to active military and government workers, which will also be the case for the Hack the Air Force competition -- though they are not eligible to collect prize money.
Registration for Hack the Air Force opens on May 15.
This article was first posted to FCW, a sister site to GCN.
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.