The US Air Force held a six-week bug-hunting contest, hoping to take this opportunity to find out the loopholes in its system platform. There are 50 vetted hackers to find the vulnerabilities in the latest bug-bounty program. The report showed that during the event, hackers found 54 security vulnerabilities on the US Air Force’s Common Computing Environment cloud platform and received a total of $123,000 in prize money.
The person in charge of the event said that the average prize money of the US Air Force in this event was close to last year’s level. The most popular type of vulnerability is the security vulnerability of IoT devices, with an average of $8,550 per vulnerability. Although such vulnerabilities have the highest average bonus, it is not easy to get such a generous bonus at a time because this kind of vulnerability is very rare.
It is reported that the vulnerability bounty activity has been welcomed by US military agencies because of its good results and low cost. In addition to the US Air Force, each branch of the US military has held similar bounty events. In November 2016, the US Army launched the “Hack the Army” event, and 371 participants reported a total of 118 effective vulnerabilities. Last year, at the DEFCON conference in Las Vegas, the US Marine Corps organized a nine-hour hacking campaign and successfully identified 75 vulnerabilities.