Hack the Air Force Ponies Up $130K in Bounties
August 10, 2017
Results are in for Hack the Air Force, the “white-hat hacker”
bug bounty program designed to better secure Air Force online
assets that ran May 30-June 23, 2017.
Bug bounty programs are an industry-standard practice that helps
better secure an organization’s internet presence. These
programs crowdsource sanctioned hackers to identify
vulnerabilities within systems, which then allows the
organization to quickly remedy those vulnerabilities.
“Adversaries are constantly attempting to attack our websites,
so we welcome a second opinion — and in this case, hundreds of
second opinions — on the health and security of our online
infrastructure,” said Peter Kim, the Air Force Chief Information
Security Officer. “By engaging a global army of security
researchers, we’re better able to assess our vulnerabilities and
protect the Air Force’s efforts in the skies, on the ground and
More than 270 registered and vetted information security
specialists from across the U.S., United Kingdom, Canada,
Australia and New Zealand discovered 207 valid vulnerabilities
during the contest. Participants earned more than $130,000 in
Two participants in the program were active duty military
personnel and 33 participants came from outside the U.S. Top
participating hackers were under 20 years old, including a
17-year-old who submitted 30 valid reports and earned the
largest bounty sum during the challenge window.
HTAF was the most expansive federal bug bounty program to date,
and the first time any federal bug bounty challenge has been
open to international hackers. It built upon the success of
previous Department of Defense hacking events, Hack the Pentagon
and Hack the Army.
“The ideal end-state is that bug bounties become a regular,
common tool in securing all IT assets across the Department of
Defense,” said Hunter Price, the Air Force Digital Service lead.
“We will always have security vulnerabilities. We can approach
that reality one of two ways: we can deny it, or we can be
proactive, open to it and use every tool in our toolbox to
remediate or mitigate them.”