Ethical hackers were awarded over $100,000 for finding and fixing security weaknesses. Credit: TJ Stege

Security research and ethical hacking company HackerOne hosted an event at which hackers found 106 vulnerabilities in the US Air Force’s cybersecurity systems and were awarded $103,883 for their efforts.

The Hack the Air Force bounty bug challenge – the second such event following the success of the first run, which paid out over $130,000 to hackers in 2017 – invited hackers from 26 countries to hack into USAF systems to expose and fix security weaknesses. A spokesperson at HackerOne commented that ‘the total vulnerabilities for [Hack the Air Force] 2.0 are all new – not vulnerabilities that had surfaced before.’

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

The challenge began on 9 December 2017 with a live-hacking event, where 24 hackers worked with DoD and Air Force personnel to find 55 vulnerabilities within nine hours.

“Hacker-powered security is emerging as the most potent cure to the sorry state of software security,” said HackerOne CEO Marten Mickos. “The vulnerabilities that go unnoticed by scanners and other expensive security products are more quickly and more cost-effectively found by ethical hackers.”

HackerOne has worked with companies such as GM and Starbucks since 2016, and their hackers have been paid over $25 million by companies in return for their help in identifying cybersecurity risks. The group currently has over 100,000 members and plans to continue expanding.

The challenge is part of the US Department of Defense’s (DoD) Hack the Pentagon security scheme, which offers cash prizes to hackers who are able to penetrate the defences of the Pentagon, and the US Army, during specified timeframes. Since the scheme started in 2016, over 3,000 vulnerabilities have been resolved in US government systems, and hackers have been awarded over $330,000 for their work.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” said Air Force CISO Peter Kim.

“This reinforces the work the Air Force is already doing to strengthen cyber defences and has created meaningful relationships with skilled researchers that will last for years to come.”