SecurityWeek

DoD Announces Final Results of ‘Hack US’ Bug Bounty Program

The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.

Launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3), the challenge was an extension of DoD’s vulnerability disclosure program (VDP) running on the HackerOne bug bounty platform.

The DoD announced it was offering a total bounty pool of $110,000, representing $75,000 in rewards for submitted vulnerability reports, and $35,000 for bonus awards.

This week, the department said that the entire bounty pool was exhausted. A total of 267 ethical hackers participated in the challenge, 139 of them being new to DoD’s VDP.

In total, the ethical hackers submitted 648 reports during the Hack US event, including 349 actionable reports, the DoD announced.

According to DoD VDP director at DC3 Melissa Vice, many of the submitted reports “could have been critical had they not been identified and remediated during this bug bounty challenge”.

She also pointed out that information disclosure was the most commonly identified vulnerability type during the seven-day event, followed by improper access control and SQL injection.

Vice also said that DoD will use the insights gained during the challenge to address the root cause of these security issues and prevent their malicious exploitation.

“The vulnerabilities discovered by the hacker community during Hack US will offer more air cover on all the assets that help maintain US national security, and insights from reports will help inform how the DoD approaches identifying future threats,” HackerOne co-founder and CTO Alex Rice said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
