Pentagon Bug Bounty Program Uncovers 350 Vulnerabilities


Department Paid $110,000 in Rewards for Submitted Vulnerability Reports

Prajeet Nair (@prajeetspeaks) • October 1, 2022

The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department’s networks as part of its experimental bug bounty program launched on American Independence Day.


The week-long bug bounty challenge that ran from July 4 to July 11 was launched by the Chief Digital and Artificial Intelligence Office, Directorate for Digital Services, DoD Cyber Crime Center and the vulnerability disclosure partner HackerOne, a private firm with a platform that enables researchers to submit information about vulnerabilities and then receive cash rewards for their disclosures.

Announcing the results, HackerOne says the DoD gained critical insights into how the hacker community competes for prizes, with the end goal of strengthening the security of the hundreds of thousands of assets in the DoD scope.

Key Findings

Around 270 ethical hackers submitted 648 vulnerability reports under the DoD’s vulnerability disclosure program, of which 350 were “actionable.” The reports included several critical vulnerabilities that were remediated during the bug bounty challenge.

As part of the program, called “Hack U.S.,” the DoD paid a total of $75,000 in rewards for submitted vulnerability reports and $35,000 for bonus awards.

“In just seven days, Hack U.S. ethical hackers submitted 648 reports, including numerous which would
