The Army has announced the third edition of its “Hack the Army” bug bounty program, a collaboration between U.S. Army Cyber Command (ARCYBER), Defense Digital Service (DDS), and the Army Network Enterprise Technology Command.
Hack The Army 3.0 is all set to begin December 14, 2020 and last until January 28, 2021 or until funds are exhausted.
The Army’s program began in late 2016, following the launch of DoD’s Hack the Pentagon bug bounty initiative facilitated by DDS earlier that year.
The bug bounties aim to evolve the security of DoD and Army networks, systems and data by allowing skilled civilian and military security researchers to perform specific techniques against select public-facing websites, to find vulnerabilities in those sites.
The first iteration of Hack The Army attracted 371 “white hat” hackers – including 25 government employees, of which 17 were uniformed military personnel — to a two-month challenge.
Interestingly, the event produced 416 reports that yielded 118 valid vulnerabilities, and civilian hackers were awarded about $100,000 for their discoveries.
That success was followed by Hack The Army 2.0 in late 2019, during which 52 hackers from six countries found 146 valid vulnerabilities on publicly accessible Army websites in just over a month and civilian hackers earned a total of $275,000.
ARCYBER officials hope to increase participation by military members. They are looking at ways to conduct more frequent bug bounty programs in the future.