White hat hacker company HackerOne released the results of the fifth iteration of the “Hack the Pentagon” bug bounty program, focused on identifying flaws in the public-facing websites of the Defense Travel System, an enterprise system DoD employees use to book travel across the globe.
Hackers filed over 100 security vulnerability reports for a total payout of $80,000, HackerOne announced May 30.
The month-long effort included 19 vetted hackers primarily from the United States and United Kingdom, HackerOne said. The group reported 65 vulnerabilities, 28 of which ranked high or critical in severity.
“The ‘Hack the DTS’ challenge helped uncover vulnerabilities we wouldn’t have found otherwise, complementing the great work [Defense Manpower Data Center] is already doing to protect critical enterprise systems and the people those systems serve,” said Jack Messer, project lead at DMDC.
The Hack the Pentagon initiative as a whole has disclosed over 3,000 vulnerabilities in government systems. In addition to the Pentagon initiative, the Army and Air Force have launched similar bug bounties in concert with HackerOne.
“Securing sensitive information for millions of government employees and contractors is no easy task,” said Reina Staley, chief of staff and Hack the Pentagon program manager at Defense Digital Service. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.