Around 81 ethical hackers from the U.S., India, Ukraine, Turkey, and Canada participated in the recently concluded bug bounty program organized by the U.S. Department of Defense (DoD) with the participation from bug bounty platform HackerOne.
The bounty program, named Hack the Proxy with HackerOne, was sponsored by the U.S. Cyber Command with a focus on content intermediaries, like proxies, VPNs, and virtual desktops. “Hack the Proxy program was the first initiative that’s focused on securing content intermediaries for publicly accessible proxy servers owned by the government,” DoD said in a statement.
The Department of Defense stated that security researchers around the world submitted 31 valid vulnerabilities from September 3, 2019, to September 18, 2019. The hackers are rewarded US$ 33,750 for their findings.
“With each new initiative, the Department of Defense further bolsters its cyber defenses against rogue enemy actors thanks to white hat hackers from across the globe,” said Alex Romero, Digital Service Expert at the Department of Defense Digital Service. “As our adversaries become more sophisticated in their tactics, we must stay one step ahead to protect our citizens and defense systems. HackerOne’s global community of vetted hackers have helped us discover and remediate vulnerabilities that represent a real risk to national security.”
“Since 2016, the DoD has embraced hacker-powered security with open arms by consistently collaborating with hackers worldwide to help them find areas where they can be vulnerable to attack,” said Marten Mickos, CEO at HackerOne. “Each initiative has not only bolstered the DoD’s cybersecurity posture but also served as an example of how trusting hackers can improve the defense system on an ongoing basis.”
Earlier, the Department of Defense ran a bug bounty program, a challenge focused on the Corps’ public-facing websites and services. The nine-hour program paid out $80,000 in prizes to researchers for discovering 75 unique vulnerabilities. The researchers are also allowed to report flaws they find through the HackerOne-managed Marine Corps vulnerability disclosure program until August 26, 2018, but without earning a prize.