Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



DoD Announces Final Results of ‘Hack US’ Bug Bounty Program

The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.

The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.

Launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3), the challenge was an extension of DoD’s vulnerability disclosure program (VDP) running on the HackerOne bug bounty platform.

The DoD announced it was offering a total bounty pool of $110,000, representing $75,000 in rewards for submitted vulnerability reports, and $35,000 for bonus awards.

This week, the department said that the entire bounty pool was exhausted. A total of 267 ethical hackers participated in the challenge, 139 of them being new to DoD’s VDP.

In total, the ethical hackers submitted 648 reports during the Hack US event, including 349 actionable reports, the DoD announced.

According to DoD VDP director at DC3 Melissa Vice, many of the submitted reports “could have been critical had they not been identified and remediated during this bug bounty challenge”.

She also pointed out that information disclosure was the most commonly identified vulnerability type during the seven-day event, followed by improper access control and SQL injection.

Vice also said that DoD will use the insights gained during the challenge to address the root cause of these security issues and prevent their malicious exploitation.

Advertisement. Scroll to continue reading.

“The vulnerabilities discovered by the hacker community during Hack US will offer more air cover on all the assets that help maintain US national security, and insights from reports will help inform how the DoD approaches identifying future threats,” HackerOne co-founder and CTO Alex Rice said.

Related: DoD Announces Results of Vulnerability Disclosure Program for Defense Contractors

Related: California Man Convicted for Stealing Millions From DoD via Phishing Scheme

Related: Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights