Aug. 10 (UPI) — More than 200 vulnerabilities to U.S. Air Force IT domains were uncovered by white-hat hackers during a 24-day period earlier this year, the Air Force announced today.
The 207 vulnerabilities were found from May 30 through June 23 by vetted U.S. and international hackers in a federal bug bounty program involving the Air Force and HackerOne, a hacker-powered security platform connecting organizations with the world’s largest community of trusted hackers.
“Every organization needs to identify and fix their software vulnerabilities,” said HackerOne Chief Executive Officer Marten Mickos. “The most effective way is to ask the external world for help.
“We’ve seen new levels of success with every federal bug bounty challenge and Hack the Air Force is no exception. Activating the global hacker community to shore up their digital defenses is enabling faster progress than ever before.”
According to HackerOne, more than $130,000 in bounties were paid to participating hackers for their discoveries.
A total of 272 hackers participated in the program and scoured public-facing USAF IT domains for security vulnerabilities. They were paid between $100 and $5,000 per valid vulnerability reported. A 17-year-old earned the most during the program after filing 30 valid reports.
HackerOne performed similar projects before for the Pentagon and the U.S. Army.
“Adversaries are constantly attempting to attack our websites, so we welcome a second opinion — and in this case, hundreds of second opinions — on the health and security of our online infrastructure,” Air Force Chief Information Security Officer Peter Kim said in a press release. “By engaging a global army of security researchers, we’re better able to assess our vulnerabilities and protect the Air Force’s efforts in the skies, on the ground and online.”