This past spring, the U.S. Air Force invited hackers from around the world to expose its security weaknesses. These “white-hat” hackers are paid to find security holes, and a 17-year-old came out on top of this bug bounty, exposing 30 vulnerabilities.
Hackers were paid more than $130,000 in rewards, with payouts ranging from $100 to $5,000 per bug uncovered.
In all, Hack the Air Force turned up 207 system vulnerabilities, nine of which were considered critical or high severity.
In the past, the U.S. Defense Department has run Hack the Pentagon, which uncovered 138 holes, and Hack the Army, which exposed 118 security holes.
This time, the bug bounty program was open not only to Americans but also to hackers from Canada, the United Kingdom, Australia and New Zealand.
“Bug bounties recruit ethical or white-hat hackers to find security holes within an organization’s computer networks,” according to a Defense One report.
Hack the Air Force ran from May 30 to June 23; more than 272 security researchers tackled the Air Force’s 13 public-facing sites, Defense One said. The first vulnerability was reported less than a minute after the bug bounty launched.
“Many corporations use the [bug bounty] initiatives to protect themselves against malicious black-hat hackers, who look to exploit holes in security or to sell exploitable vulnerabilities to cyber crime organizations,” Defense One reported. “The cybersecurity platform HackerOne organized all three of [the Department of Defense’s] bug bounties, and last year signed a contract to run similar programs for the department in the future.”