Connect with us

Hi, what are you looking for?


Management & Strategy

Pentagon Paid Out $290,000 for Vulnerabilities in Air Force Data Center

The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.

The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.

Hack the Air Force 4.0, conducted by the U.S. Department of Defense in collaboration with the Defense Digital Service and bug bounty platform HackerOne, was the Pentagon’s tenth bug bounty program.

As part of the fourth Hack the Air Force program, which ran between October 23 and November 20, 2019, participants were invited to find vulnerabilities in a pool of cloud servers and systems called the Air Force Virtual Data Center.

According to HackerOne, 60 vetted white hat hackers identified over 460 security holes. Hack the Air Force 4.0 also included a live hacking event that took place in Los Angeles on November 7, 2019, and which also targeted some systems of the UK Ministry of Defence.

“We’re thrilled to partner once again with the U.S. Air Force and HackerOne for this next iteration of ‘Hack The Air Force’,” commented Anil Dewan of the Defense Digital Service. “This Challenge allowed us to not only expand our relationships with U.S. Air Force and HackerOne, but also expand the program to new U.S. Air Force assets to further bolster cyber defenses against our adversaries.”

The first Hack the Air Force initiative took place in 2017 and earned participants over $130,000, while the second resulted in payouts totaling more than $100,000. Hack the Air Force 3.0 also earned researchers roughly $130,000.

Earlier this year, HackerOne announced that the second Hack the Army program resulted in the discovery of 146 valid flaws and rewards totaling over $275,000.

Advertisement. Scroll to continue reading.

The Pentagon’s first bug bounty program was announced in 2016 and the initiatives launched since have resulted in the patching of more than 12,000 vulnerabilities and millions of dollars being paid out.

Related: Pentagon Hacked in New U.S. Air Force Bug Bounty Program

Related: Tens of Vulnerabilities Found in Pentagon Travel Management System

Related: Expert Hacks Internal DoD Network via Army Website

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.