U.S. Air Force Boosts Security With Second Bug Bounty Challenge on HackerOne

Trusted Hackers Earned Over $100,000 in 20 Days Through Hack the Air
Force 2.0

HackerOne, the leading hacker-powered security platform, today announced
the results of the second Hack the Air Force bug bounty challenge. Hack
the Air Force 2.0 invited trusted hackers from all over the world to
participate in its second bug bounty challenge in less than a year. The
20-day bug bounty challenge was the most inclusive government program
to date, with 26 countries invited to participate.

Hack the Air Force 2.0 is part of the Department of Defense's (DoD) Hack
the Pentagon crowd-sourced security initiative. Twenty-seven trusted
hackers successfully participated in the Hack the Air Force bug bounty
challenge — reporting 106 valid vulnerabilities and earning $103,883.
Hackers from the U.S., Canada, United Kingdom, Sweden, Netherlands,
Belgium and Latvia participated in the challenge. The Air Force awarded
hackers the highest single bounty award of any Federal program to date,
$12,500.

On December 9, the first day of the challenge, 24 hackers met in New
York City and participated in a live hacking event, the first ever
including federal government
participation. DoD and U.S. Air Force personnel were on-site and worked
alongside the hackers to simultaneously report security flaws and
remediate them in real-time. Together, they collaborated to find 55 of
the 106 total vulnerabilities in 9 hours during this one-day event.

"We continue to harden our attack surfaces based on findings of the
previous challenge and will add lessons learned from this round," said
Air Force CISO Peter Kim. "This reinforces the work the Air Force is
already doing to strengthen cyber defenses and has created meaningful
relationships with skilled researchers that will last for years to come."

Since the Hack the Pentagon program kicked off in 2016, over 3,000
vulnerabilities have been resolved in government systems. The first Hack
the Air Force bug bounty challenge resulted in 207 valid reports and
hackers earned more than $130,000 for their contributions. At the time,
it was the highest total and single rewards of any public government
program. Hack the Army in December 2016 surfaced 118 valid
vulnerabilities and paid $100,000, and Hack the Pentagon in May 2016
resulted in 138 valid vulnerabilities resolved and tens of thousands
paid to ethical hackers for their efforts. Hack the Air Force 2.0
demonstrates continued momentum of the Hack the Pentagon program beyond
just its first year, as well as a hardened attack surface.

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping
organizations receive and resolve critical vulnerabilities before they
can be exploited. More than 1,000 organizations, including the U.S.
Department of Defense, U.S. General Services Administration, General
Motors, Google Play, Twitter, GitHub, Nintendo, Panasonic Avionics,
Qualcomm, Starbucks, Dropbox and the CERT Coordination Center trust
HackerOne to find critical software vulnerabilities. HackerOne customers
have resolved over 63,000 vulnerabilities and awarded over $25M in bug
bounties. HackerOne is headquartered in San Francisco with offices in
London and the Netherlands.
