U.S. Department of Defense Announces Hack the Marine Corps Bug Bounty Program With HackerOne

Seventy-five Security Vulnerabilities Discovered at Kickoff with Help
from Hackers

The U.S. Department of Defense (DoD) and HackerOne,
the leading hacker-powered security platform, today announced the launch
of the Department's sixth bug bounty program, Hack the Marine Corps. The
bug bounty challenge will focus on Marine Corps' public-facing websites
and services in order to harden the defenses of the Marine Corps
Enterprise Network (MCEN). The bug bounty program will conclude on
August 26, 2018.

The Marine Corps' bug bounty program kicked off with a live-hacking
event in Las Vegas, Nev. on August 12, 2018 coinciding with the world's
largest hacker and security conferences, Black Hat USA, DefCon and
BSides Las Vegas. Nearly 100 hand-selected ethical hackers from the
global security researcher community participated in nine straight hours
of hacking Marine Corps public-facing websites and services for
vulnerabilities. During the launch event, expert security researchers
were shoulder-to-shoulder with the Marines from U.S. Marine Corps
Cyberspace Command (MARFORCYBER), representing both offensive and
defensive cyber teams. Hackers filed 75 unique valid security
vulnerability reports during the event and were awarded over $80,000 for
helping further secure the MCEN, the Marine Corps' portion of the DoD
Information Network (DoDIN).

"Hack the Marine Corps allows us to leverage the talents of the global
ethical hacker community to take an honest, hard look at our current
cybersecurity posture. Our Marines need to operate against the best.
What we learn from this program will assist the Marine Corps in
improving our warfighting platform, the Marine Corps Enterprise Network.
Working with the ethical hacker community provides us with a large
return on investment to identify and mitigate current critical
vulnerabilities, reduce attack surfaces, and minimize future
vulnerabilities. It will make us more combat ready," said Maj. Gen.
Matthew Glavy, Commander, U.S. Marine Corps Forces Cyberspace Command.

U.S. Marine Corps

The Hack the Marine Corps bug bounty program supports the Marine Corps'
ongoing commitment to hardening its defensive posture and overall
cybersecurity. In March, the Marine Corps announced the creation of a
cyberspace career field that provides a professionalized, highly skilled
workforce that can effectively employ cyberspace capabilities and
effects. These efforts are part of the Corps' commitment to fighting and
winning – in all domains.

Hack the Pentagon

Hack the Marine Corps is part of the Hack the Pentagon
crowd-sourced security initiative with the DoD's
Defense Digital Service (DDS) and HackerOne. Recognizing many of the
nation's biggest companies use bug bounties to improve the security and
delivery of digital services, DDS launched the federal government's
first bug bounty challenge in collaboration with HackerOne in 2016.

"Information security is a challenge unlike any other for our military.
Our adversaries are working to exploit networks and cripple our
operations without ever firing a weapon," said DDS Director Chris Lynch.
"Sometimes, the best line of defense is a skilled hacker working
together with our men and women in uniform to better secure our systems.
We're excited to see Hack the Pentagon continue to build momentum and
bring together nerds who want to make a difference and help protect our
nation."

Since the launch of Hack the Pentagon, more than 5,000 valid
vulnerabilities have been reported in government systems. These bug
bounty challenges include:

  • Hack the Pentagon launched in May 2016 and resulted in 138 valid
    vulnerabilities resolved and tens of thousands of dollars paid to
    ethical hackers for their efforts.
  • Hack the Army launched in December 2016 and surfaced 118 valid
    vulnerabilities resolved and paid $100,000 to ethical hackers.
  • Hack the Air Force launched in April 2017 and resulted in 207 valid
    vulnerabilities resolved and more than $130,000 paid to ethical
    hackers.
  • Hack the Air Force 2.0 launched in December 2017 and resulted in
    106 valid vulnerabilities resolved and $103,883 paid to hackers.
  • Hack the Defense Travel System launched in April 2018 and focused
    on testing a DoD enterprise system and resulted in 100 security
    vulnerabilities reported and $80,000 paid to hackers.

After the close of bug bounty challenges, hackers who become aware of
vulnerabilities can disclose them to the DoD through its ongoing
vulnerability disclosure program with HackerOne. The Defense Department
launched its Vulnerability
Disclosure Policy in 2016 as part of Hack the Pentagon to provide a
legal avenue for security researchers to find and disclose
vulnerabilities in any DoD public-facing systems.

"Success in cybersecurity is about harnessing human ingenuity," said
Marten Mickos, CEO at HackerOne. "There is no tool, scanner, or software
that detects critical security vulnerabilities faster or more completely
than hackers. The Marine Corps, one of the most secure organizations in
the world, is the latest government agency to benefit from diverse
hacker perspectives to protect Americans on and off the battlefield."

Ethical Hacker Tapped by Pentagon to Support Bug Bounty Initiatives

After winning the Hack the Air Force challenge, renowned ethical hacker
Jack Cable joined DDS, the DoD agency that leads the Hack the Pentagon
program, for a tour of duty. 18-year-old Cable helped to support and
implement the Hack the Marine Corps Challenge, lending his unique,
hacker security skills and perspective towards the planning of bug
bounties for the government. Ethical hackers, security researchers,
engineers, and others interested in joining DDS can learn more here.

Defense Digital Service

The Defense Digital Service is a team of top tech talent on a tour of duty at
the Pentagon to improve technology across the Department. DDS applies
industry best practices to high-impact national security missions and
tackles some of DoD's most complex IT challenges. Projects include
reforming digital services that provide military families access to
critical benefits, developing drone detection technologies, hunting
adversaries on DoD networks, and redesigning training for cyber
soldiers. DDS is an agency team of the U.S. Digital Service. The DDS
Director reports directly to the Secretary of Defense.

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping
organizations find and fix critical
vulnerabilities before they can be exploited. More Fortune 500 and
Forbes Global 1000 companies trust HackerOne than any other
hacker-powered security alternative. The U.S. Department of Defense,
General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic
Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination
Center and over 1,000 other organizations have partnered with HackerOne
to resolve over 76,000 vulnerabilities and award over $32M in bug
bounties. HackerOne is headquartered in San Francisco with offices
in London, New York, and the Netherlands.

For a comprehensive look at the industry based on the largest repository
of hacker-reported vulnerability data, download The Hacker-Powered
Security Report 2018.
