The Air Force has kicked off a second wave of its bug bounty program, dubbed Hack the Air Force, aimed at better protecting the service’s networks.

The program allows pre-approved “ethical” hackers to penetrate certain portions of military websites in search of vulnerabilities for potential cash payouts.

The first Hack the Air Force event was described as the most successful bug bounty to date, opening up participation to international hackers for the first time. The Army and Defense Department have run similar events.

[Now the Air Force wants to get hacked, too]

Previously unannounced, Hack the Air Force 2.0 kicked off Saturday Dec. 9 in New York City, according to a blog post from HackerOne, a bug bounty company partnering with DoD on its various bug bounty efforts. Government and Defense Department leaders have announced earlier iterations of the program.

[DoD entrenches bug bounty program]

[Army announces its own ‘Hack the Pentagon’]

During nine hours of hacking at the Dec. 9 event, 25 civilian hackers from seven countries along with seven airmen reported a total of 55 vulnerabilities with six members of the Defense Media Activity supporting remediation on-site. All told, the Air Force doled out $26,883 for loopholes discovered.

In one instance, a hacker reported a vulnerability in an Air Force website that was used to pivot onto DoD’s unclassified network. Under the supervision of DoD personnel, the hacker was authorized to keep digging to see how far they could go, according to HackerOne.

“We wouldn’t have found this without you,” DMA Public Web Chief of Operations James Garrett, said to the hackers.

At the conclusion of the Dec. 9 event, DoD leaders announced Hack the Air Force 2.0 will continue through Jan. 1, 2018 and will be open to citizens from the United States, Australia, Canada, New Zealand, United Kingdom as well as citizens from NATO countries. U.S. service members are also eligible to participate but are not eligible for bounties.

DoD has resolved over 3,000 vulnerabilities from public facing websites through its various bug bounty programs over the past year, HackerOne said. As a result, hackers have been paid over $300,000 in bounties.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

Share:
More In IT and Networks
NORTHCOM wants millions more for AI and data handling
U.S. Northern Command has asked Congress for almost $30 million to buy information technology equipment and to optimize infrastructure for artificial intelligence and machine learning at its joint operations center with the North American Aerospace Defense Command.
How to put the joint in JADC2
As DoD continues to advance JADC2, it must contend with how to create a truly joint approach while avoiding the pitfalls of past attempts at joint systems.