Hack the Air Force 2.0 uncovers over 100 vulnerabilities

Participants managed to secure themselves over $103,000 in rewards.
Written by Charlie Osborne, Contributing Writer
File Photo

The second Hack the Air Force bug bounty challenge, Hack the Air Force 2.0, has resulted in 106 vulnerabilities being reported and fixed.

On Thursday, bug bounty platform HackerOne revealed that the 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards to over $233,000 to date.

Hackers from the US, Canada, UK, Sweden, Netherlands, Belgium, and Latvia participated, among other countries.

In the second competition, the highest bounty paid out was $12,500, the highest to-date in any of the federal bug bounty programs, such as Hack the Pentagon and Hack the Army, all of which are part of the US Department of Defense's (DoD) Hack the Pentagon crowd-sourced security program.

Since the initiative launched in 2016, over 3000 vulnerabilities have been reported and resolved in government systems.

In the first Hack the Air Force bug bounty scheme, it took less than a minute for a hacker to find a valid vulnerability and a total of 207 security flaws were resolved.

"We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round," said Air Force CISO Peter Kim. "This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come."

See also: The Department of Defense wants more of you to hack the Pentagon

This week, fitness tracker firm Fitbit expanded its bug bounty program to offer hackers financial rewards for reporting bugs. Intel has also ramped up its bug bounty scheme with increased payouts of up to $250,000 for side-channel vulnerabilities.

Top tips to stay safe on public Wi-Fi networks

Previous and related coverage

    Hack the Pentagon uncovers over 100 vulnerabilities in DoD systems

    If you're not afraid of the Pentagon running a criminal background check on you, the department has some cash to fork out on security bugs in its public websites.

    After huge OPM hack, Pentagon budgets $615 million for new background check IT system

    The Pentagon is looking to spend about $615 million on a new IT system that will manage and protect government security-clearance data.

    Hack the Pentagon: First US government bug bounty program opens for business

    The program doesn't include any core or critical systems, however.

      Editorial standards