US launches “Hack the Army 3.0” bug bounty program

Hack the Army logo on a white background

On Wednesday, the US Defense Digital Service (DDS) announced its third Hack the Army bug bounty program. Hack the Army 3.0 will focus on uncovering vulnerabilities in the US Army’s digital systems.

Launched in partnership with vulnerability coordination and bug bounty platform HackerOne, the invite-only program is open to participation from civilian hackers and US military personnel, but only civilian hackers will be eligible for the bounties.

According to Defense Digital Service (DDS), Hack the Army 3.0 will highlight digital vulnerabilities in the US Army’s assets before nefarious hackers discover and exploit them, allowing defense authorities to better plan for unforeseen cyber threats.

“Bug bounty programs are a unique and effective ‘force multiplier’ for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals,” said Brig. Gen. Adam C. Volant, US Army cyber-command director of operations.

“By ‘crowdsourcing’ solutions with the help of the world’s best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs.”

That’s not all. DDS has used similar bug bounty challenges in the past to improve the US government’s security systems. For instance, since its launch in 2016, DDS’s Hack the Pentagon program executed 14 public bounties on exterior-facing websites and applications. The program also addressed 10 private bounties on the US Department of Defense’s sensitive internal systems.

“We are living in a different world today than even just a year ago. Amid disinformation and a global health crisis, citizens are increasingly wary of how, when and where their information is used. For years, the US Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne,” said Marten Mickos, CEO of HackerOne.

Marten continued, “Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the US Army is leading the charge with this latest challenge.”

You can apply to Hack the Army 3.0 online now. The program runs from January 6 through February 17.