Hack the Army bug bounty program results: 146 valid vulnerabilities were reported by white hat hackers and more than $275,000 were paid in rewards.
The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along with the U.S. Department of Defense (DoD) paid more than $275,000 in rewards and a total of 146 valid vulnerabilities were reported.
52 white hat hackers took part in the Hack the Army bounty program, US army asked participants to test more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website.
Participants were from the U.S., Canada, Romania, Portugal, the Netherlands, and Germany.
“Participation from hackers is key in helping the Department of Defense boost its security practices beyond basic compliance checklists to get to real security,” said Alex Romero, Digital Service Expert at Department of Defense Defense Digital Service. “With each Hack the Army challenge, our team has strengthened its security posture.”
“The partnership with DDS demonstrates a fun and creative way to safely find solutions, so we look forward to building on this relationship to create future events,” said a US Army Cyber Command spokesperson.”
On November 20, during the awards ceremony held in Augusta, Georgia, the top three hackers @alyssa_herrera, @erbbysam, and @cdl were rewarded for their contributions. The three experts also spoke about their experience in the program
“The Department of Defense programs are some of my favorites to hack on, and Hack the Army 2.0 was one of the most rewarding,” said second place winner @alyssa_herrera. “It is so exciting to know that the vulnerabilities I find go towards strengthening Army defenses to protect millions of people. Coming in second place and being invited to spend time with the hackers and soldiers I worked alongside made the impact we made in this Challenge feel even bigger.”
More information on the past edition of the Hack the Army program and results are available here.
(SecurityAffairs – Hack the Army, hacking)