U.S. Army announce new edition of its bug bounty program Hack the Army

The U.S. government has announced the launching of Hack the Army 3.0, the latest version of its vulnerability bounty program operated by the HackerOne platform.

The Armed Forces are looking for this program to help secure your digital assets and protect your computer systems from potential cyberattacks. The program is open to both civilian and military ethical hackers, although only civilians will be able to receive financial rewards if they submit valid reports.

Hack the Army is an initiative led by the Digital Defense Service (DDS) and researchers can participate only at the invitation of the Department of Defense (DOD). However, any researcher can report through DOD’s permanent vulnerability reporting program, although no financial rewards are offered to its participants.

General Adam C. Volant, chief operating officer of the U.S. Army Cyber Command, mentions: “These programs are a great measure to protect our critical networks, systems, and data with the help of cybersecurity professionals.”

For the Armed Forces, Hack the Army has become the ideal complement to strengthen existing security measures and provide additional means for identifying and correcting vulnerabilities: “Hack the Army 3.0 is based on the success of previously released programs,” adds General Volant.

The DDS has issued14 public error bounties on public websites and applications, in addition to receiving 10 reports on private programs covering internal assets. In the previous edition of Hack the Army, held between October and November 2019, the armed forces paid a total of $275,000 USD in rewards for reporting 146 valid vulnerabilities.

Moreover, the Pentagon paid $290,000 USD after receiving more than 400 reports as part of the latest edition of Hack the Air Force, its own vulnerability rewards program. These initiatives date back to 2016, and have provided more than satisfactory results for both defense agencies and the ethical hacking community.