20 February 2018

Ethical hackers discover 100 vulnerabilities in U.S. Air Force systems

BY MORGAN CHALFANT

So-called white-hat hackers discovered more than 100 vulnerabilities in Air Force networks in the second round of the service’s "bug bounty" program, according to figures released on Thursday.

The program, called Hack the Air Force, invited security researchers to find and report vulnerabilities in the service’s government systems and rewarded them for doing so.

More than two dozen hackers from around the world discovered 106 vulnerabilities in Air Force networks, which earned them nearly $104,000 combined, bug bounty platform HackerOne announced on Thursday. 


The Hack the Air Force initiative is part of a larger bug bounty initiative at the Pentagon, established by Defense Secretary Ash Carter during the Obama administration to help bolster the U.S. military’s digital defenses.

“We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” Peter Kim, the Air Force’s chief information security officer, said in a statement Thursday. “This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.” 

The latest challenge for the Air Force generated a $12,500 payout to one hacker for discovering a vulnerability, the largest bounty paid yet in any federal bug bounty program.

Bug bounty initiatives have become increasingly popular as organizations and businesses look to secure their digital systems from mounting cyber threats.

Since the Pentagon program launched in 2016, white-hat hackers have turned up more than 3,000 vulnerabilities that have since been resolved.

Lawmakers are looking to expand bug bounty programs more widely in the federal government. A bipartisan pair of senators has proposed a bill that would establish a pilot bug bounty program at the Department of Homeland Security.

No comments: