The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.
Hack the Air Force 4.0, conducted by the U.S. Department of Defense in collaboration with the Defense Digital Service and bug bounty platform HackerOne, was the Pentagon’s tenth bug bounty program.
As part of the fourth Hack the Air Force program, which ran between October 23 and November 20, 2019, participants were invited to find vulnerabilities in a pool of cloud servers and systems called the Air Force Virtual Data Center.
According to HackerOne, 60 vetted white hat hackers identified over 460 security holes. Hack the Air Force 4.0 also included a live hacking event that took place in Los Angeles on November 7, 2019, and which also targeted some systems of the UK Ministry of Defence.
“We’re thrilled to partner once again with the U.S. Air Force and HackerOne for this next iteration of ‘Hack The Air Force’,” commented Anil Dewan of the Defense Digital Service. “This Challenge allowed us to not only expand our relationships with U.S. Air Force and HackerOne, but also expand the program to new U.S. Air Force assets to further bolster cyber defenses against our adversaries.”
The first Hack the Air Force initiative took place in 2017 and earned participants over $130,000, while the second resulted in payouts totaling more than $100,000. Hack the Air Force 3.0 also earned researchers roughly $130,000.
Earlier this year, HackerOne announced that the second Hack the Army program resulted in the discovery of 146 valid flaws and rewards totaling over $275,000.
The Pentagon’s first bug bounty program was announced in 2016 and the initiatives launched since have resulted in the patching of more than 12,000 vulnerabilities and millions of dollars being paid out.
Related: Pentagon Hacked in New U.S. Air Force Bug Bounty Program
Related: Tens of Vulnerabilities Found in Pentagon Travel Management System
Related: Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
Latest News
- Johnson Controls Ransomware Attack Could Impact DHS
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
