Posted on April 28, 2017 at 3:32 PM
A new announcement was made today by the Air Force; in which they say that the bug bounty hunt will be launched next month. Several of the Air Force’s websites will be targeted by hackers from around the world, with a goal of seeking out vulnerabilities and flaws that could pose as access points for real attackers. Any significant flaw that gets discovered will be rewarded in cash.
The bug bounty programs weren’t always a popular idea within the federal government, however, they’ve started to accept it and open up to it over the course of the last year. The first attempt by the government to accept this concept occurred last April, when “Hack the Pentagon” project was launched. It would seem that the program left a good impression, and now the Army websites are trying to use it to discover their flaws as well.
This will be the first program that will allow hackers from outside the US to participate, but not everyone can try their luck and skill. Only the hackers from the UK, Australia, Canada, the New Zealand, and of course, the US will be allowed to try and hack the Air Force. Military members will be allowed to participate as well, but they’re not allowed to earn rewards.
Peter Kim, Air Force’s chief information security officer, has said that “This is the first time the AF has opened up our networks to such broad scrutiny. We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cyber security and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional vulnerabilities.”
Even though the bug bounties were mostly used in private industry, the agency called Defense Digital Service has been working on introducing it to the government in hope that the program will gain enough support to be accepted.
DDS’s Chris Lynch has said that the idea of ‘security through obscurity’ is backward and that in order to fix the weaknesses, they first need to know what they are. The best way to do so is to allow some of the best hackers out there to try and find a way to breach the system.
The program will be administrated by HackerOne, and everyone interested in participating can register with them starting May 15. The contest will last from May 30 to June 23.