The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.
Hack the Air Force 4.0, conducted by the U.S. Department of Defense in collaboration with the Defense Digital Service and bug bounty platform HackerOne, was the Pentagon’s tenth bug bounty program.
As part of the fourth Hack the Air Force program, which ran between October 23 and November 20, 2019, participants were invited to find vulnerabilities in a pool of cloud servers and systems called the Air Force Virtual Data Center.
According to HackerOne, 60 vetted white hat hackers identified over 460 security holes. Hack the Air Force 4.0 also included a live hacking event that took place in Los Angeles on November 7, 2019, and which also targeted some systems of the UK Ministry of Defence.
“We’re thrilled to partner once again with the U.S. Air Force and HackerOne for this next iteration of ‘Hack The Air Force’,” commented Anil Dewan of the Defense Digital Service. “This Challenge allowed us to not only expand our relationships with U.S. Air Force and HackerOne, but also expand the program to new U.S. Air Force assets to further bolster cyber defenses against our adversaries.”
The first Hack the Air Force initiative took place in 2017 and earned participants over $130,000, while the second resulted in payouts totaling more than $100,000. Hack the Air Force 3.0 also earned researchers roughly $130,000.
Earlier this year, HackerOne announced that the second Hack the Army program resulted in the discovery of 146 valid flaws and rewards totaling over $275,000.
The Pentagon’s first bug bounty program was announced in 2016 and the initiatives launched since have resulted in the patching of more than 12,000 vulnerabilities and millions of dollars being paid out.