DoD Launches 'Hack the Marine Corps' Bug Bounty Program
15.8.18 securityweek Vulnerebility
The U.S. Department of Defense on Monday announced the launch of “Hack the Marine Corps,” the Military's sixth bug bounty program.
Similar to previous programs run by the Pentagon, Hack the Marine Corps is hosted by bug bounty platform HackerOne.
The goal of the bug bounty program, scheduled to run until August 26, is to help the Marine Corps improve the security of the Marine Corps Enterprise Network (MCEN), which is part of the DoD Information Network (DoDIN). The initiative will focus on the organization’s public websites and services.
Hack the Marine Corps kicked off at the DEF CON security conference in Las Vegas, where nearly 100 white hat hackers handpicked by the DoD attempted to find vulnerabilities for nine straight hours.
In this phase of the program, researchers earned more than $80,000 for finding 75 unique vulnerabilities.
“Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture,” said Maj. Gen. Matthew Glavy, Commander of the U.S. Marine Corps Forces Cyberspace Command. “Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our warfighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces, and minimize future vulnerabilities. It will make us more combat ready.”
Hack the Marine Corps was implemented with the help of Jack Cable, an 18-year-old who won the Hack the Air Force challenge. Cable has joined the Pentagon’s Defense Digital Service (DDS) for a tour of duty following his success in the previous bug bounty program.
The DoD launched its first bug bounty program, Hack the Pentagon, in May 2016. As a result of that program’s success, the organization decided to launch Hack the Army, Hack the Air Force, Hack the Air Force 2.0, and Hack the Defense Travel System.
Roughly 5,000 vulnerabilities were disclosed to the Pentagon as part of these programs, with ethical hackers earning hundreds of thousands of dollars for their work.