First it was Hack the Pentagon, then last year Hack the Army, and now in 2017 the Air Force is getting in on the bug bounty action.The original Hack the Pentagon bug bounty program debuted in March 2016 as an effort to enable security researchers to attack a limited set of Pentagon IT assets in a certain time period. The effort was expanded in October 2016 into a wider effort with the Department of Defense Digital Services organization to enable to different branches of the armed forces to benefit from bug bounties.The U.S Army announced its bug bounty effort in November 2016 as the first engagement under the November 2016 contract. The U.S. Air Force is a further expansion and will allow researchers from the U.S as well as the United Kingdom, Canada, Australia and New Zealand to participate.”Hack the Air Force has the largest scope of participation yet,” Reina Staley, Chief of Staff at U.S Defense Digital Services, told eSecurityPlanet.AdvertisementStaley noted that the very first DoD pilot bug bounty, Hack the Pentagon, was limited to participation by only US citizens.”Since the success of Hack the Pentagon and the subsequent Hack the Army bounty, we’ve been working to continually expand the bounds for participation by everyone,” she said. “For this round with the Department of the Air Force, we’re excited to include the citizens of a few allied nations.”Much like the other programs that HackerOne runs for the U.S Armed Services, the bug bounty is not an open invitation to hack anything that a security researcher wants. Peter Kim, CISO, US Air Force said that Hack the Air Force will be limited to only public facing web assets.
Hackers Aim High to Hack the U.S. Air Force