DOD unveils ‘Hack the Marine Corps’ bounty program

A new bug bounty program intended to find vulnerabilities in the Marine Corps’ public-facing websites was unveiled in Las Vegas Monday.

The Hack the Marine Corps program, which was jointly created by the Department of Defense (DOD) and vulnerability disclosure platform company HackerOne, was announced with a live hacking event. Participants discovered 75 unique vulnerabilities during the event and were awarded more than $80,000 collectively.

During the event, nearly 100 “hand-selected” hackers worked for nine hours to expose vulnerabilities in the Marine Corps’ websites and public services. The hackers were split into offensive and defensive teams, and worked alongside Marines from the U.S. Marine Corps Cyberspace Command (MARFORCYBER). 

The bug bounty program will run until Aug. 26. 

“Success in cybersecurity is about harnessing human ingenuity,” said HackerOne CEO Marten Mickos. “There is no tool, scanner, or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organizations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.”

The bug bounty program is part of a wider initiative called Hack the Pentagon, which was born out of a partnership with HackerOne and the DOD’s Defense Digital Service (DDS) in 2016. Currently there are six government bug bounty programs, covering the Pentagon, U.S. Army, U.S. Air Force, the DOD’s defense travel system, and now, the Marine Corps.