This is the third bug bounty challenge that the military service has launched in a bid to shore up its information security. In fact, it is the largest bug bounty program ever launched by the federal government, with ethical hackers from 191 countries eligible to join the “Hack the Air Force 3.0” (HtAF 3.0) challenge. Up to 600 white hats are eligible to participate, all of whom must be registered and vetted.
The HtAF program stems from the “Hack the Pentagon” scheme. The US Department of Defense (DoD) launched the initiative’s trial run in April 2016, having taken a cue from the technology sector, in which such programs have been around for quite a while. Since then, DoD has also launched “Hack the Army” and “Hack the Marine Corps” programs.
HtAF 3.0 is focused on “DoD applications that were recently migrated to an Air Force-owned cloud environment”. The initiative – for which DoD has joined forces with Silicon Valley-based bug bounty platform provider HackerOne – runs between October 19 and November 22.
“Hack the AF 3.0 demonstrates the Air Force’s willingness to fix vulnerabilities that present critical risks to the network,” Wanda Jones-Heath, Air Force chief information security officer, is quoted as saying.
A recent report by HackerOne shows that HtAF’s past two iterations, both of which were organized in 2017, resulted in the discovery of more than 300 security flaws, netting the bug hunters a combined total of more than $230,000 in payouts.
Bug hunting in general can be a fairly rewarding endeavor, and we don’t mean psychologically. HtAF 3.0 will pay out a minimum of $5,000 for identifying each vulnerability rated as critical.