The latest “Hack the Army” effort has awarded $275,000 in prizes and identified more than 145 security vulnerabilities.
Hack the Army 2.0 was a partnership between the Department of Defense (DoD), Defense Digital Service, and HackerOne. The program, which ran from Oct. 9 to Nov. 15 of last year, challenged 52 white hat hackers to attack more than 60 publicly accessible web assets. The hackers – who hailed from the United States, Canada, Romania, Portugal, the Netherlands, and Germany – identified 146 valid vulnerabilities in five weeks. In total, the Army awarded $275,000 in bounties, with the single largest bounty clocking in at $20,000.
“Participation from hackers is key in helping the Department of Defense boost its security practices beyond basic compliance checklists to get to real security,” said Alex Romero, digital service expert at DoD Defense Digital Service. “With each Hack the Army challenge, our team has strengthened its security posture.”
The military has increasingly turned to white hat hackers to help identify security vulnerabilities, with Hack the Army 2.0 being the ninth bug bounty initiative within the DoD. The DoD has also run Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Air Force 3.0, and Hack the Marine Corps.
Following Hack the Army 2.0, DoD hosted a panel discussion where the hackers shared their experiences in the program.
“The Department of Defense programs are some of my favorites to hack on, and Hack the Army 2.0 was one of the most rewarding,” said second-place winner @alyssa_herrera. “It is so exciting to know that the vulnerabilities I find go towards strengthening Army defenses to protect millions of people.”