24 January 2017

Preliminary Results Indicate ‘Hack the Army’ a Success

By Mark Pomerleau

One of the main firms associated with the Hack the Army effort released the results of the service’s first bug bounty program.

In a blog post published Jan. 19, HackerOne said from Nov. 30 to Dec. 21: 
371 eligible participants registered. 
416 total reports were received. 
118 total valid reports were received 
It took five minutes to receive the first vulnerability report. 

HackerOne touted the preliminary results posted on their website as a success. Twenty-five of the 371 eligible and invited were government employees including 17 military personnel — a difference in the original Hack the Pentagon initiative.

An estimated $100,000 in bounties was paid to hackers.

HackerOne said the most significant vulnerability discovered was a series of chained vulnerabilities in which a researcher could move from the public-facing goarmy.com to an internal Department of Defense website requiring special credentials.

HackerOne also promised more to come from this effort.

Like the Defense Digital Service — a Silicon Valley-modeled node within the Pentagon focused on difficult problems, such as Hack the Pentagon — the Army and Air Force have stood up their own iteration.

No comments: