The Department of Defense kicked off its sixth bug bounty program Aug.12 with Hack the Marine Corps, a challenge focusing on the Corps’ public-facing websites and services.
“Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture," said Maj.Gen. Matthew Glavy, the head of the U.S. Marine Corps Forces Cyberspace Command, in a news release.
“Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our war-fighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces and minimize future vulnerabilities. It will make us more combat ready.”
The DoD launched its first bug bounty, Hack the Pentagon, in May 2016, which was considered one of the first major successes for the then-newly minted Defense Digital Service. Since then the DoD has held bug bounties for the Army, the Air Force, the Air Force again and the Defense Travel System.
The combined programs resulted in over 600 resolved vulnerabilities with approximately $500,000 awarded to the ethical hackers participating in the program.
“Information security is a challenge unlike any other for our military. Our adversaries are working to exploit networks and cripple our operations without ever firing a weapon," said Chris Lynch, the director of the Defense Digital Service.
"Sometimes, the best line of defense is a skilled hacker working together with our men and women in uniform to better secure our systems. We’re excited to see Hack the Pentagon continue to build momentum and bring together nerds who want to make a difference and help protect our nation.”
Hack the Marine Corps was launched with HackerOne, which partners with the hacker community to help businesses and government conduct bug bounties, and kicked off with a live hacking event coinciding with the Black Hat USA, DefCon and BSides conferences in Las Vegas.
The live hack resulted in 75 unique vulnerability reports and more than $80,000 in awards.
Our hacking time for tonight is complete with over $80K in bounties paid out! The event ends, but the fight is still on. Inspiring night with @MARFORCYBERand @DefenseDigital! #h1702 #TogetherWeHitHarder #HackTheMarines #HackTheMarineCorps pic.twitter.com/42dDp3umXV— HackerOne (@Hacker0x01) August 13, 2018
“Success in cybersecurity is about harnessing human ingenuity,” said Marten Mickos, CEO at HackerOne.
“There is no tool, scanner or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organizations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.”
The bug bounty program ends Aug. 26.