Air Force wraps up third bug bounty program

Hack the Air Force 3.0 uncovered 130 vulnerabilities in public-facing websites and services.

The Defense Department closed out its third hackathon program, Hack the Air Force 3.0, with 120 valid cybersecurity vulnerabilities found in public-facing Air Force websites and services. The program ran from Oct. 19 through Nov. 22 and resulted in $130,000 in prize money for participating hackers.

This latest program run made the Air Force the first military service to host a bug bounty program three times, HackerOne, which facilitates the program, announced in a Dec. 20 release.

DOD launched its first bug bounty program, called Hack the Pentagon, in 2016, an effort that has since spread to all the military services with success. The Defense Department also recently expanded its bug bounty programs, contracting three companies, HackerOne, Synack, and BugCrowd, for $34 million in October.

Capt. James Thomas of Air Force Digital Services said that bug bounty programs for the Air Force not only help make systems and websites more secure but also help with talent exposure.

“By opening up these types of challenges to more countries and individuals, we get a wide range of talent and experience we would normally not have access to in order to harden our networks,” Thomas said in a statement.

So far, the Air Force has paid $350,000 in bug bounty rewards for the discovery of more than 430 security vulnerabilities.