Hack the Pentagon - More than 120 valid Security Vulnerabilities uncovered

Today the Washington Post published the first article since the "Hack the Pentagon" program finished. Over 121 security vulnerabilities were discovered and verified during the bug bounty contest. One unnamed member of the Vulnerability Laboratory was successfully accepted to participate in the program. The core team researcher discovered about 21 security vulnerabilities at the start of the government bug bounty program.

Defense Secretary Ashton Carter confirmed at the public tech forum conference in Washington, D.C.: “Hack the Pentagon program launched in March exceeded the military’s expectations by uncovering dozens of previously unnoticed security issues affecting the Department of Defense’s public, non-classified computer systems.”

During the competition more than 1,400 whitehat hackers registered to participate in the official "Hack the Pentagon" program of the United States. The directors of the program planned to reward up to $15,000 for each valid reported security vulnerability. In the end, the Department of Defense rewards were set at around some thousand dollars per valid issue for the actively participating security researchers or bug bounty hunters.

"The generated information of the pentests and audits during the official bug bounty program was very common and valuable for the department of defense. A lot of attack vectors have been acknowledged and represented by the whitehat community."
 

Scope

In scope of the bug bounty program were publicly available web services or ethernet web applications on government domains such as defense.gov, dimoc.mil, dodlive.mil, dvidshub.net or myafn.net.

Silent per Policy
Every participant must confirm, by an official letter of the Department of Defense, that the reported issues and vulnerabilities are not traded or published to any other party or source.

Results and Future
The first pilot program of the western governments to approve the scene was so successful that we all need to accept that, in future, this sector will be part of our business as well. During the past years we tested, approved and reported hundreds of government vulnerabilities to the Pentagon, the Department of Defense and other international agencies. As a result, the government improved the private sector model to achieve more success in cyber security in the future. The Vulnerability Lab core team is happy to participate in such programs and we look forward to the future, but never forget to check the ethics of a government program ahead of participating.

Reference(s):

http://www.defense.gov/About-DoD/Biographies/Biography-View/Article/602689/ashton-b-carter
