"DoD Announces Final Results of 'Hack US' Bug Bounty Program"

The US Department of Defense (DoD) and HackerOne recently announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.  The DoD announced it was offering a total bounty pool of $110,000, representing $75,000 in rewards for submitted vulnerability reports and $35,000 for bonus awards.  This week, the department said that the entire bounty pool was exhausted.  A total of 267 ethical hackers participated in the challenge, 139 of them being new to DoD's VDP.  In total, the ethical hackers submitted 648 reports during the Hack US event, including 349 actionable reports.  According to DoD VDP director at DC3 Melissa Vice, many of the submitted reports "could have been critical had they not been identified and remediated during this bug bounty challenge."  Vice noted that DoD will use the insights gained during the challenge to address the root cause of these security issues and prevent their malicious exploitation.  HackerOne co-founder and CTO Alex Rice stated that "the vulnerabilities discovered by the hacker community during Hack US will offer more air cover on all the assets that help maintain US national security, and insights from reports will help inform how the DoD approaches identifying future threats."

SecurityWeek reports: "DoD Announces Final Results of 'Hack US' Bug Bounty Program"