Air Force to offer up a satellite to hackers at Defcon 2020

This year, the Air Force presented vetted hackers with a plane’s subsystem, which they duly tore up. Next year, it will be a satellite.

At DEF CON’s aviation village, the military is interested in more than just the hacks

The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some of whom are civilians and some of whom are active-duty military. But they rotate in and out approximately […]

The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.

Pentagon’s latest bug bounty program pays out $80,000

The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world, making it one of the wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities including 28 ranking high […]

The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on CyberScoop.

The Pentagon’s latest bug bounty target is its travel booking system

The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]

The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on CyberScoop.

U.S. Air Force pays out $103,883 to hackers in bug bounties

The U.S. military’s love affair with bug bounty programs continues. The second iteration of “Hack the Air Force” in December paid out $103,883 in bounties to freelance hackers for 106 vulnerabilities found over a 20-day period. The highest bounty was $12,500, the largest paid by the U.S. government to date. The Air Force’s first bug bounty program launched in April 2017 following similar efforts like Hack the Pentagon and Hack the Army in 2016. In total, more than 3,000 vulnerabilities have been found in federal government systems since the programs began. The bug bounty platform HackerOne, a private company, continues to handle the military’s bug bounty initiatives. Air Force CISO Peter Kim, who helped kick off and cheerlead the service’s first round last year, also played a leading role this time. “We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” Kim said in a […]

The post U.S. Air Force pays out $103,883 to hackers in bug bounties appeared first on CyberScoop.

Hack’em If You Can — U.S. Air Force launches Bug Bounty Program

With the growing number of data breaches and cyber attacks, a significant number of companies and organizations have started Bug Bounty programs for encouraging hackers and bug hunters to find and responsibly report vulnerabilities in their services an…