USAF announces Hack the Air Force 3.0

  • Published
  • Secretary of the Air Force Public Affairs
The Air Force and HackerOne have teamed up for Hack the Air Force 3.0, the military service’s third and most inclusive bug bounty program.

HtAF, which stems from the Department of Defense’s “Hack the Pentagon,” allows computer experts to uncover vulnerabilities in Air Force websites, ultimately strengthening the service’s cyber posture. This year’s four-week-long program ends Nov. 22, and will focus on DoD applications that were recently migrated to an Air Force-owned cloud environment.

The program is open to 191 countries, making it the government’s largest bug bounty to date.

"Hack the AF 3.0 demonstrates the Air Forces willingness to fix vulnerabilities that present critical risks to the network,” said Wanda Jones-Heath, Air Force chief information security officer.

Hack the Air Force 3.0 offers competitive bounty awards dependent on the severity of the finding. A critical severity vulnerability nets a minimum of $5,000, with potential increase based on overall system impact. The largest single payout to date in the Hack the Pentagon public program was $10,000.

The program’s initiative was launched by the Defense Digital Service in April 2016 as the first bug bounty program employed by the federal government. More than 1,400 hackers registered to participate in the program. Nearly 200 reports were received within the first six hours of its launch and $75,000 in total bounties were paid out to participating hackers.