The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department’s networks as part of its experimental bug bounty program launched on American Independence Day.
The week-long bug bounty challenge that ran from July 4 to July 11 was launched by the Chief Digital and Artificial Intelligence Office, Directorate for Digital Services, DoD Cyber Crime Center and the vulnerability disclosure partner HackerOne, a private firm with a platform that enables researchers to submit information about vulnerabilities and then receive cash rewards for their disclosures.
While announcing the results, HackerOne, the vulnerability disclosure partner, says DoD gained critical insights into how the hacker community competes for prizes with an end goal of strengthening the security of the hundreds of thousands of assets in the DoD scope.
Around 270 ethical hackers submitted 648 vulnerability reports under the DoD’s vulnerability disclosure program, which includes several critical vulnerabilities that were remediated during the bug bounty challenge, with 350 “actionable” reports.
As part of the program, “Hack U.S.” the DoD paid a total of $75,000 in rewards for submitted vulnerability reports and $35,000 for bonus awards.
“In just seven days, Hack U.S. ethical hackers submitted 648 reports, including numerous which would