Normally the U.S. Army would not tout the success of an attacker, but in the case of Hack the Army 2.0 bug bounty program the service proudly announced 146 vulnerabilities were found.
The platoon-sized unit of white hat hackers, 52 individuals, found the valid vulnerabilities while investigating 60 publicly accessible Army websites, including army.mil, .goarmy.mil, and the Arlington Cemetery website. The helpful hackers hailed from the U.S., Canada, Romania, Portugal, Netherlands, and Germany earned a total of $275,000 for their efforts.
“Participation from hackers is key in helping the Department of Defense boost its security practices beyond basic compliance checklists to get to real security. With each Hack the Army challenge, our team has strengthened its security posture,” said Alex Romero, digital service expert at the Department of Defense Defense Digital Service.
The top three participants, @alyssa_herrera, @erbbysam, and @cdl, were honored at an awards ceremony where they also discussed their experience in the program.