The Defense Digital Service (DDS) and HackerOne have announced the launch of a new bug bounty program, in which participants will attempt to uncover vulnerabilities in the US Army’s digital systems.
This will be the 11th bug bounty program to take place between the DDS and HackerOne, and the third with the US Department of the Army, offering the chance for military and civilian participants to discover vulnerabilities in exchange for monetary rewards. It will run from January 6 to February 17 2021, and is named Hack the Army 3.0.
Participation is by invitation only to civilian hackers and members of the US military, with bug bounties offered only to civilian hackers when valid security vulnerabilities are found according to the program policy.
The purpose of the program is to highlight security vulnerabilities in the US Army’s digital assets before they can be exploited by nefarious actors. These can then be secured to prevent successful cyber-attacks taking place.
Brig. Gen. Adam C. Volant, US Army cyber-command director of operations commented: “Bug bounty programs are a unique and effective ‘force multiplier’ for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals.
“By ‘crowdsourcing’ solutions with the help of the world’s best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs.”
Marten Mickos, CEO of HackerOne, said: “We are living in a different world today than even just a year ago. Amid disinformation and a global health crisis, citizens are increasingly wary of how, when and where their information is used. For years, the US Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the US Army is leading the charge with this latest challenge.”
DDS has made extensive use of bug bounty challenges of this nature to improve security systems of US government departments. Since Hack the Pentagon was launched back in 2016, it has executed 14 public bounties on external-facing websites and applications in addition to 10 private bounties on sensitive internal systems in the US Department of Defense. These include Hack the Pentagon, Hack the Defense Travel System and Hack the Air Force.