'Hack the Air Force' bug hunting challenge uncovers 120 flaws in websites and services

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/hack-the-air-force-bug-hunting-challenge-uncovers-120-flaws-in-websites-and-services/

By Steve Ranger
ZDNet News
December 20, 2018

A bug bounty challenge which asked hackers to 'Hack the Air Force' has 
resulted in 120 vulnerabilities being found and fixed and $130,000 being 
paid out to participants.

The programme, organised by the US Department of Defense (DoD) and 
bug-bounty company HackerOne, focused on public-facing Air Force websites 
and services from October 19 to November 22 this year. Nearly 30 
participating hackers submitted over 120 valid vulnerabilities throughout 
the month-long programme, and the US Air Force awarded them over $130,000 
for their efforts.

It was the seventh bug bounty program run by the DoD, and the third 
involving the air force. The idea is that programmes like this allow the 
military to find unknown security vulnerabilities with help from friendly 
hackers before they are found by anyone else.

"It's critical to allow these researchers to uncover vulnerabilities in 
Air Force websites and systems, which ultimately strengthens our 
cybersecurity posture and decreases our vulnerability surface area," 
explained Capt James "JT" Thomas, Air Force Digital Service.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_