HackerOne to US Marine Corps: we’ve got your six
Who defends the defenders in the US? When it comes to the US Marine Corps and the challenge of cybersecurity, the US Department of Defense goes with the white hackers of HackerOne, reports David Penn at Finovate.
“Success in cybersecurity is about harnessing human ingenuity,” HackerOne CEO Marten Mickos explains. “There is no tool, scanner, or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organisations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.”
For its sixth bug bounty programme, Hack the Marine Corps, the Defense Department has again enlisted hacker-powered cybersecurity firm, HackerOne, to improve security on the public-facing websites of the Marine Corps Enterprise Network (MCEN).
The programme began with a live hacking event in Las Vegas, Nevada on Sunday (12 August). This kickoff event featured nearly 100 white hat hackers who spent nine hours testing and probing the Marine Corps’ public-facing websites for security vulnerabilities.
The hackers filed 75 unique valid security vulnerability reports that day, winning more than $80,000 in prize money for their efforts. The bug bounty programme continues until 26 August.
Hack the Marine Corps is part of the Hack the Pentagon crowdsourced cybersecurity programme initially launched by the Department of Defense’s Defense Digital Service (DDS) and HackerOne in 2016.
The Marine Corps commitment to improving cybersecurity has grown since then to include the creation of a cyberspace career track for service members.
In fact, during the Vegas event, members of the US Marine Corps Cyberspace Command (MARFORCYBER) worked alongside the invited security professionals on both offensive and defensive cyber teams.
In addition to Hack the Pentagon and Hack the Marine Corps, bug bounty challenges have also been launched with the Army (December 2016), the Air Force (April 2017), and, this spring, the Defense Travel System.
More than 1,000 organisations including Google, Nintendo, Lufthansa, and Starbucks have used HackerOne’s white hat hackers to find and fix vulnerabilities before they are discovered by cybercriminals. HackerOne has helped companies resolve more than 76,000 vulnerabilities, resulting in the awarding of more than $32 million in bug bounties to ethical hackers.