More than 100 vulnerabilities in Air Force networks were discovered by self-styled “white-hat” hackers in the second stage of the branch’s “bug bounty” program, according to figures released last week.
The program, called “Hack the Air Force,” invited security researchers to find and report vulnerabilities in the service’s government systems in exchange for compensation.
The hackers came from across the globe and exposed 106 vulnerabilities in Air Force networks, which earned them nearly $104,000 combined, bug bounty platform HackerOne announced on Thursday.
Hack the Air Force is part of a larger bug bounty initiative at the Pentagon, established by Defense Secretary Ash Carter during the Obama Administration to help bolster the U.S. military’s digital defenses.
Peter Kim, the Air Force’s chief information security officer, said in a statement Thursday: “We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round. This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.”
The largest bounty paid to date in any federal bug bounty program was $12,500, awarded to one hacker who discovered vulnerabilities.
The Pentagon program launched in 2016, and white-hat hackers have since turned up more than 3,000 vulnerabilities that have been resolved.
Since then, these bug bounty initiatives have become more and more popular, as organizations and businesses want to secure their digital systems from mounting cyber threats.
Lawmakers want to expand bug bounty programs more widely in the federal government. A bipartisan pair of senators has proposed a bill that would launch a pilot bug bounty program at the Department of Homeland Security.