US kickoff new cyber challenge to identify vulnerabilities in government web assets
The US Department of Defense (DoD) and HackerOne have announced the launch of the second ‘Hack the Army’ challenge to identify vulnerabilities in government web assets.
The 4-week challenge, the ninth bug bounty program with the DoD, will run until 8 November.
Led by the Defense Digital Service, ‘Hack the Army ‘ enables hackers to find vulnerabilities in more than 60 publicly available internet properties. Crowd-sourced security testing can help improve system security.
The first Hack Army challenge involved around 400 hackers from around the world. Hackers have found 118 flaws in the bug bounty program.
US military and government staff are invited to take part in the bug bounty competition.
The project is also available to participation by HackerOne-authorized individuals.
Stephen Fogarty, Army Cyber Command commanding general, said, “Opening up the army’s cyber terrain to the hacker community is exactly the type of outside-the-box, partnership approach we need to take to rapidly harden and better defend our most foundational weapons system: the army network.”
Alex Romero, Department of Defence Digital Service Digital Service Expert said, “It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital.
Romero added, “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne challenge allows us to continue to harden the army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”
HackerOne CEO Marten Mickos said, “Over the past three years, our hackers have helped the DoD find and resolve more than 10,000 vulnerabilities, and we are excited to bring this new challenge to the uniquely talented hacker army up for the task.”
The US and the United Kingdom have recently entered into a data access arrangement that will allow UK law enforcement agencies to demand electronic data on serious criminals directly from US tech companies.