THE BOUNTY HUNTER ORGANISATION OUTFIT, HackerOne has reported that the Hack the Air Force program is the most successful federal one in history, with the first vulnerability reported in less than one minute.
This one minute vulnerability must have been one that the sort of white hat hacker that the Feds will really like, because they sat on it for some time rather than taking it to some dark forum somewhere.
A range of vulnerabilities, and remember that these bugs will be kind of associated with expensive, flying, armoured and highly capable vehicles and their associated systems. Just imagine Tom Cruise trying to fly his geese across the battlefield while someone is fiddling with his joystick. What a nightmare.
Hack the Air Force produced 207 valid vulnerabilities and raised more than $130,000 in bounties for white-hat hackers. The challenge was international to a point and was open to the Five Eyes collection of countries, the US, the United Kingdom, Canada, Australia and New Zealand.
"Every organization needs to identify and fix their software vulnerabilities. The most effective way is to ask the external world for help," said Marten Mickos, CEO of HackerOne.
"We've seen news levels of success with every federal bug bounty challenge and Hack the Air Force is no exception. Activating the global hacker community to shore up their digital defenses is enabling faster progress than ever before."
It is the third hack the department of defence that HackerOne has run, and its most successful. Apparently hacking the US Army or Pentagon isn't quite as cool. Hacking the Air Force, and saving all that wildfowl, isn't going to enable any retirement plans, unless one or two guys bagged the lot. It ran for 24 days and let a pre approved set of 272 hackers go crackers on its public facing domains.
Bounties ranged between $100 and $5000, and while two participants were active duty military personnel, over 30 were from foreign countries. One kid, someone under 20 years of age, took the largest bounty on offer. We bet he spent it all in one place.
"Adversaries are constantly attempting to attack our websites, so we welcome a second opinion — and in this case, hundreds of second opinions — on the health and security of our online infrastructure," said Peter Kim, U.S. Air Force Chief Information Security Officer by way of introduction.
"By engaging a global army of security researchers, we're better able to assess our vulnerabilities and protect the Air Force's efforts in the skies, on the ground and online." µ
More wise words from Mountain View
Firm failed to say that launch prices were only an 'introductory offer'
We think we all have an airbag problem
Give us a break