U.S. Department of Defense Kicks Off Fifth Bug Bounty Challenge With HackerOne

The DoD Invites Hackers to Test Enterprise System Security Used for Global Operations

SAN FRANCISCO--()--HackerOne, the leading hacker-powered security platform, today announced the fifth U.S. Department of Defense bug bounty program. The program opened registration on April 1, 2018, scheduled to conclude on April 29, 2018, and will focus on a Department of Defense (DoD) enterprise system relied on by millions of employees for global operations.

“The DoD has seen tremendous success to date working with hackers to secure our vital systems, and we’re looking forward to taking a page from their playbook,” said Jack Messer, project lead at Defense Manpower Data Center. “We’re excited to be working with the global ethical hacker community, and the diverse perspectives they bring to the table, to continue to secure our critical systems.”

To be eligible to participate in the bug bounty challenge, individuals from the public must be United States taxpayers or a citizen of or eligible to work in the United Kingdom, Canada, Australia, or New Zealand. U.S. government active military members and contractor personnel are also eligible to participate but not eligible for financial rewards. See full eligibility requirements and register here.

“Millions of government employees and contractors use and rely upon key enterprise systems every day,” said Reina Staley, Chief of Staff at Defense Digital Service. “Any compromise of the system or the sensitive information it handles would be detrimental to our people and our mission. These bug bounty challenges are a way to give talent outside the public sector a channel to safely disclose security issues and get rewarded for these acts of patriotism.”

Since the Hack the Pentagon program kicked off in 2016, over 3,000 vulnerabilities have been resolved in government systems. The first Hack the Air Force bug bounty challenge resulted in 207 valid reports and hackers earned more than $130,000 for their contributions. The second Hack the Air Force resulted in 106 valid vulnerabilities surfaced and $103,883 paid to hackers. Hack the Army in December 2016 surfaced 118 valid vulnerabilities and paid $100,000, and Hack the Pentagon in May 2016 resulted in 138 valid vulnerabilities resolved and tens of thousands paid to ethical hackers for their efforts. Hack the Air Force 2.0 demonstrates continued momentum of the Hack the Pentagon program beyond just its first year, as well as a hardened attack surface.

“The most security mature organizations look to others for help,” said Alex Rice, co-founder and CTO at HackerOne. “The Department of Defense continues to innovate with each bug bounty challenge, and the latest challenge is no exception. We’re excited to bring a fresh, mission-critical asset to the hacker community with the goal of protecting the sensitive government data it contains.”

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations receive and resolve critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security partner. Organizations, including the U.S. Department of Defense, U.S. General Service Administration, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities. HackerOne customers have resolved over 65,000 vulnerabilities and awarded over $26M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.

Contacts

HackerOne
Katrina Dene
press@hackerone.com

Contacts

HackerOne
Katrina Dene
press@hackerone.com