Registration opens for DOD bug bounty program


Air Force wraps up third bug bounty program

The Defense Department closed out its third hackathon program, Hack the Air Force 3.0, with 120 valid cybersecurity vulnerabilities found in public-facing Air Force websites and services. The program ran from Oct. 19 through Nov. 22 and resulted in $130,000 in prize money for participating hackers.

This latest program run made the Air Force the first military service to host a bug bounty program three times, HackerOne, which facilitates the program, announced in a Dec. 20 release.

DOD launched its first bug bounty program in 2016 called Hack the Pentagon, an effort that has since spread to all the military services with success. The Defense Department also recently expanded its bug bounty programs, contracting three companies HackerOne, Synack, and BugCrowd for $34 million in October.

Capt. James Thomas of Air Force Digital Services said that bug bounty programs for the Air Force not only helps make systems and websites more secure but helps with talent exposure.

“By opening up these types of challenges to more countries and individuals, we get a wide range of talent and experience we would normally not have access to in order to harden out networks,” Thomas said in a statement.

So far, the Air Force has paid $350,000 in bug bounty rewards for the discovery of more than 430 security vulnerabilities.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.

Defense Systems Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.