Strategy, Vulnerability management

Hack the Army bug bounty program finds 118 vulnerabilities

January 23, 2017

The U.S. Army's three-week “Hack the Army” bug bounty trial ended last week with several hundred bug reports being received.

The Army reported, according to Kaspersky Labs' ThreatPost blog, that 400 hundred bug reports were received, of which, 118 were unique and actionable. The 371 people who participated were mainly civilians, however, 17 military personnel and eight government employees also submitted reports.

The bounties totaled about $100,000.

The Army was reticent to share many details regarding the vulnerabilities that were found, but it noted two flaws were discovered on the website that could be used to enter a Department of Defense website.

The Hack the Army program was modelled on an earlier trial called Hack the Pentagon, which resulted in 138 flaws being found in May.

prestitial ad