Ever wanted to hack a major branch of the U.S. military? Your ship has arrived, so to speak: the Department of Defense (DoD) is giving tech pros the opportunity to “hack the Air Force.”
Launched in conjunction with HackerOne, which hosts bug bounties for companies and institutions, “Hack the Air Force” is reportedly a larger bug-bounty program than “Hack the Pentagon” or “Hack the Army,” the DoD’s earlier efforts.
“This outside approach—drawing on the talent and expertise of our citizens and partner-nation citizens—in identifying our security vulnerabilities will help bolster our cybersecurity,” Air Force Chief of Staff Gen. David L. Goldfein said, according to the official U.S. Air Force Website. “We already aggressively conduct exercises and ‘red team’ our public facing and critical websites. But this next step throws open the doors and brings additional talent onto our cyber team.”
Registration will begin May 15 on HackerOne’s Website, with the program kicking off May 30. Although the DoD has not yet revealed how much it will pay out to white-hat hackers who discover vulnerabilities, or which of the Air Force’s online portals it would like probed, its earlier programs may provide some clues. “Hack the Pentagon” paid out $75,000 in total bounties, and 1,400 hackers helped identify (and squish) 138 vulnerabilities.
Whatever the contours of the DoD’s latest program, it’s certain it won’t allow participants to touch critical systems; the only assets under review will likely be public-facing Websites.
Bug hunts have increased in popularity over the past few years, driven in large part by the theory that such programs can save a company a lot of time and money. Why spend tons of cash bulking out an in-house security team, the reasoning goes, when you can pay a few bucks to thousands of outsiders?
But bug hunts will only eliminate vulnerabilities in certain Websites and systems; in order to close holes in sensitive parts of a company’s IT infrastructure, security pros are necessary. In fact, given the escalating number of security breaches over the past while, those skilled in all types of tech security are more important than ever; adjust your own career accordingly.