Defense Digital Service Announced the Launch of DDS’s 11th Bug Bounty Program with HackerOne
HackerOne | January 07, 2021
The Defense Digital Service (DDS) and HackerOne today announced the dispatch of DDS's 11th bug abundance program with HackerOne and the third with the U.S. Branch of the Army. Hack the Army 3.0 is a period bound, programmer controlled security test pointed toward surfacing weaknesses so they can be settled before they are abused by foes. The bug abundance program is available to both military and regular citizen members and will run from January 6, 2021 through February 17, 2021.
Bug abundance programs, similar to Hack the Army 3.0, boost security examination and announcing of genuine security weaknesses in return for money related awards for qualified weaknesses and members. These projects are an industry best practice utilized by the most full grown associations across the world. By unveiling weaknesses to security groups, regular citizen and military programmers will help the U.S. Armed force secure digital resources and guard against cyberattacks. Hack the Army is one illustration of the Army and DoD's ability to seek after imaginative and nontraditional ways to deal with guarantee the capacity and security of individuals, organizations, and information.
"Bug bounty programs are a unique and effective 'force multiplier' for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals," said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. "By 'crowdsourcing' solutions with the help of the world's best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs."
“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities,” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”
Participation in the Hack the Army 3.0 bug abundance challenge is open by greeting just to regular citizen programmers and dynamic U.S. military individuals. Bug bounties might be offered to regular citizen programmers for substantial security weaknesses as indicated by the program strategy. Military and temporary worker staff are not qualified to get monetary prizes.
“We are living in a different world today than even just a year ago,” said Marten Mickos, CEO of HackerOne. “Amidst disinformation and a global health crisis, citizens are increasingly wary of how, when, and where their information is used. For years, the U.S. Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the U.S. Army is leading the charge with this latest challenge.”
DDS has been a harbinger in programmer fueled security testing since the time the dispatch of "Hack the Pentagon" in 2016. DDS's Hack the Pentagon group has executed 14 public bounties on outside confronting sites and applications, and ten private bounties on a scope of delicate, inside frameworks in the U.S. Branch of Defense (DoD). Instances of past private bounties incorporate coordinations frameworks, actual equipment, and faculty frameworks.
In partnership with DDS, HackerOne has launched more federal programs than any other hacker-powered security provider and is the only bug bounty platform that is FedRAMP authorized. Previous bug bounty challenges and results include: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Army 2.0, Hack the Air Force 3.0, Hack the Air Force 4.0, Hack the Proxy and Hack the Marine Corps. DDS also launched a Vulnerability Disclosure Program (VDP) for the DoD in 2016, which is now one of the most successful programs of its kind with hackers reporting over 20,000 security vulnerabilities to date. Hackers who become aware of any vulnerabilities can safely disclose them to the DoD at any time through this ongoing VDP with HackerOne.
HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.
About Defense Digital Service
The Defense Digital Service was established by the U.S. Secretary of Defense in November 2015 as a SWAT team of nerds that provides the best in modern technical knowledge designed to bolster national defense. We are primarily based in the Pentagon, but we also have satellite offices in Augusta, Georgia and co-located at the Defense Innovation Unit in Mountain View, California. Our range of talent includes world-class software developers, designers, product managers, digital experts and bureaucracy hackers from both the private sector and within government.