The Air Force completed its second bug bounty initiative, paying out $12,500 in the largest single bounty award of any existing federal program.
The Air Force completed its second bug bounty initiative, paying out $12,500 in the largest single bounty award of any existing federal program.

The Hack the Air Force 2.0 bug bounty program just paid out $12,500 to a hacker, the largest single bounty award of any existing federal program.

The second Air Force bug bounty initiative, executed on the HackerOne security platform, handed out $103,883 total over a 20-day period, kicking off with 24 hackers along with government personnel participating in a live challenge in the New York City subway system in December.

“We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” Air Force CISO Peter Kim said in a release. “This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.”

More than 3,000 vulnerabilities have been resolved since the launch of the first federal vulnerability disclosure program in 2016 – 106 vulnerabilities were reported during the Air Force's 2.0 program, 55 of them uncovered during the live kick-off event in New York.