Ethical hackers found 31 vulnerabilities – one rated critical while nine got a high severity rating – during the Pentagon’s Hack the Proxy program on the HackerOne platform.
Although the Sept. 3-18 initiative was the eighth version of the bug bounty program, it was the first “focused on securing content intermediaries for publicly accessible proxy servers owned by the government,” the Defense Department said in a statement. Around 81 hackers participated in the program, which paid out $33,750 to those who uncovered valid bugs. A single hacker based in the U.S. snagged $16,000 of the bounty.
“USCYBERCOM continuously advances defensive operations. Validating capabilities, closing previously unknown vulnerabilities, and enforcing standards improve our ability to conduct multi-domain military operations,” U.S. Cyber Command’s Directorate of Operations Master Sergeant Michael Methven said in a release. “Hack the Proxy is an important approach that leverages crowd-sourced talent for an outside-in view of our vulnerabilities. At little cost, we identify and mitigate vulnerabilities more effectively, making the Department’s networks more resilient and securing our data from malicious cyber actors.”