‘Hack the Army’ Program Nets 118 Bugs

“And you thought hacking the Pentagon was easy: The US Army last week revealed details of its first bug bounty program.

The four-week Hack the Army scheme generated 416 vulnerability reports (nearly 30 percent of which are unique and actionable) and approximately $100,000 for security researchers and bug hunters.

The most significant flaw—as reported by HackerOne, a security consulting firm under contract with the Pentagon—was uncovered due to a series of chained vulnerabilities that unwittingly took a hacker from the public-facing goarmy.com site to an internal Department of Defense page usually requiring special credentials to access.”

Author: Stephanie Mlot