The Department of Defense and bug-bounty platform HackerOne unveiled the results of their joint Hack the Army 2.0 initiative on Wednesday.
During just over a month of competition at the end of 2019, 52 hackers found 146 valid security vulnerabilities and were awarded a total of $275,000 for their work. The hackers, who hailed from the U.S., Canada, Romania, Portugal, the Netherlands and Germany, were asked to survey more than 60 publicly accessible web assets, like the Arlington National Cemetery website, the army.mil domain and more.
After the close of the competition, on Nov. 20, 2019, the DOD hosted an awards ceremony in Augusta, Georgia, where it recognized the top three participants. The hackers also had the opportunity to meet and talk with DOD cybersecurity professionals.
“The Department of Defense programs are some of my favorites to hack on, and Hack the Army 2.0 was one of the most rewarding,” second place winner @alyssa_herrera said in a statement. “It is so exciting to know that the vulnerabilities I find go towards strengthening Army defenses to protect millions of people. Coming in second place and being invited to spend time with the hackers and soldiers I worked alongside made the impact we made in this Challenge feel even bigger.”
The program was the second bug bounty that the Army hosted through HackerOne. During the first, held in November and December 2016, 371 “white hat” hackers found 118 valid vulnerabilities and were awarded a total of around $100,000 for their discoveries.
It’s also the ninth bug bounty program that HackerOne has run at the Department of Defense. Led by DDS, the DOD has been active in the bug bounty space since launching its first challenge, Hack the Pentagon, in 2016. Since then the agency has run a bunch of other bounties — Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Air Force 3.0, Hack the Defense Travel System and Hack the Marine Corps.
In total, HackerOne says, these programs have helped the DOD find and resolve 10,000 vulnerabilities.