More than 200 vulnerabilities in US Air Force IT domains were disclosed by white-hat hackers during a 24-day period earlier this year.
The 207 vulnerabilities were found from May 30 through June 23 by US and international hackers in a federal bug bounty program involving the Air Force and HackerOne, a hacker-powered security platform connecting organizations with the world's largest community of trusted hackers.
"Every organization needs to identify and fix their software vulnerabilities," HackerOne Chief Executive Officer Marten Mickos said in a statement Thursday. "The most effective way is to ask the external world for help."
"We've seen new levels of success with every federal bug bounty challenge and Hack the Air Force is no exception. Activating the global hacker community to shore up their digital defenses is enabling faster progress than ever before," Mickos said.
More than $130,000 in bounties were paid to participating hackers for their discoveries. A total of 272 hackers participated in the program and scoured public-facing USAF IT domains for security vulnerabilities. They were paid between $100 and $5,000 per valid vulnerability reported. A 17-year-old earned the most during the program after filing 30 valid reports.
HackerOne has performed similar projects before for the Pentagon and the US Army. "Adversaries are constantly attempting to attack our websites, so we welcome a second opinion -- and in this case, hundreds of second opinions -- on the health and security of our online infrastructure," Air Force Chief Information Security Officer Peter Kim said.
"By engaging a global army of security researchers, we're better able to assess our vulnerabilities and protect the Air Force's efforts in the skies, on the ground and online," Kim added.