Posted on January 8, 2021 at 5:10 PM
The U.S. government has rolled out Hack the Army 3.0, the third edition of the bug bounty, which gives hackers the chance to look for vulnerabilities in military networks.
For this edition, the U.S. Army is collaborating with the HackerOne platform for the bug bounty program.
The last Hack the Army bug bounty program was carried out between October 9 and November 15, 2019, via the HackerOne platform.
146 bugs found so far in the previous program
The program is operated by the U.S. Department of Defense (DoD) and the Defense Digital Service. It has already given out over $275,000 in rewards to hackers for a total of 146 valid reported vulnerabilities.
52 white hat hackers took part in the previous edition of the program. In the program, the U.S. Army allowed the participants to test over 60 web assets available to the public, including the Arlington cemetery website, goarmy.mil, and army.mil.
The U.S. government has announced that the third edition of the Hack the Army bug bounty program starts on January 6 and ends by February 17.
Bug bounty programs are becoming increasingly popular with companies and organizations looking to improve their security structure.
White hat hackers are usually given a free hand to test the organization’s systems and servers for vulnerabilities. They are then awarded a certain amount if they discover one. Sometimes the reward amount depends on the severity of the discovered vulnerability.
The U.S. Army bug bounty program has been very rewarding to both the participants and the U.S. government. The 146 vulnerabilities discovered since the first program was launched mean the U.S. Army was able to patch the bugs before threat actors had the chance to exploit them. In return, the researcher or white hat hacker who discovers a bug goes home smiling with a financial reward.
The program is for both military and civilian hackers, who are invited to root out digital bugs in the U.S. Department of the Army.
Hack the Army 3.0 is a hacker-powered, time-bound security test aimed at discovering vulnerabilities so they can be fixed before threat actors exploit them.
Bug bounty programs have become an industry best practice, as most top organizations across the world have rolled out their own programs. Hack the Army is a good example of DDoS and the U.S. Army’s resolve to provide better protection for its cyber facilities.
The Army is intent on using non-traditional and innovative approaches to secure its data, networks, and people.
Complementing the army’s existing security measures
Brig. Gen. Adam Volant said the bug bounty program is one of the many ways the army wants to make sure its systems and servers are safe.
He pointed out that the program is an effective and unique “force multiplier” that can safeguard data, systems, and critical army networks. It is also great for consolidating the efforts made by the DoD security and the Army.
He further stated that using some of the best civilian and military hackers in the world will complement the army’s existing security measures, as it offers more avenues for identifying and fixing bugs.
Military participants not entitled to reward
The rollout of Hack the Army 3.0 will consolidate the previous bounty efforts. Director of Defense Digital Service Brett Goldstein said the partnership with the U.S. Army on this program is an exciting one. According to him, the partnership will strengthen the security systems of the army, making it more difficult to hack.
“We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force,” he added.
However, only invited hackers, made up of active U.S. military members and civilian hackers, are allowed to participate. While civilian hackers will be entitled to a certain reward for valid vulnerabilities, military personnel who are participating in the program are not entitled to any award.
DDS has always been at the forefront of hacker-powered security testing since the days of the “Hack the Pentagon” program. It has partnered with HackerOne to roll out more federal bounty programs.