The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps."
On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada, with a live hacking session. For the launch event, 100 ethical hackers hand-selected by the Department of Defense spent nine straight hours scouring the Marine Corps' public-facing websites and services for vulnerabilities. Those security researchers, who worked alongside Marines from the U.S. Marine Corps Cyberspace Command (MARFORCYBER), filed 75 vulnerability reports during the hacking session and received a total of $80,000 in awards. Maj. Gen. Matthew Glavy, commander of MARFORCYBER, said he's pleased with the creation of the bug bounty program. As quoted in a press release:
"Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture. Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our warfighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces, and minimize future vulnerabilities. It will make us more combat ready."
Hack the Marine Corps is the latest bug bounty program announced under the "Hack the Pentagon" digital security initiative. Since the creation of that challenge, security researchers have reported over 5,000 vulnerabilities discovered in government systems. They've done so as part of sub-programs of Hack the Pentagon including "Hack the Army" and "Hack the Defense Travel System (DTS)." DoD designed Hack the Marine Corps to run on HackerOne's platform and focus on strengthening the security of the Marine Corps Enterprise Network (MCEN). This program is set to run until 26 August 2018.