Alex Rice – WindowsTechs.com

Pentagon’s latest bug bounty program pays out $80,000

Posted on May 31, 2018 by Patrick Howell O'Neill

The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world making it one of the wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities including 28 ranking high […]

The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on Cyberscoop.

Continue reading Pentagon’s latest bug bounty program pays out $80,000→

The Pentagon’s latest bug bounty target is its travel booking system

Posted on April 2, 2018 by Zaid Shoorbajee

The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]

The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on Cyberscoop.

Continue reading The Pentagon’s latest bug bounty target is its travel booking system→

DoD Opens .Mil to Legal Hacking, Within Limits

Posted on November 23, 2016 by BrianKrebs

Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense, according to a new military-wide policy for reporting and fixing security vulnerabilities.

Security researchers are often reluctant to report programming flaws or security holes they’ve stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges. But on Nov. 21, the DoD aimed to clear up any ambiguity on that front for the military’s substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules. Continue reading DoD Opens .Mil to Legal Hacking, Within Limits→

Kaspersky Lab Launches Bug Bounty Program

Posted on August 2, 2016 by Michael Mimoso

Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. Continue reading Kaspersky Lab Launches Bug Bounty Program→

Uber Bug Bounty Rewards Loyalty, Promises Transparency

Posted on March 23, 2016 by Michael Mimoso

Uber announced a public bug bounty program that will pay up to $10,000 for critical bugs, and which also includes a loyalty program that pays bonuses for five or more finds. Continue reading Uber Bug Bounty Rewards Loyalty, Promises Transparency→