Who defends the defenders? When it comes to the U.S. Marine Corps and the challenge of cybersecurity, the U.S. Department of Defense goes with the white hackers of HackerOne.
“Success in cybersecurity is about harnessing human ingenuity,” HackerOne CEO Marten Mickos explained. “There is no tool, scanner, or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organizations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.”
For its sixth bug bounty program, Hack the Marine Corps, the Defense Department has again enlisted hacker-powered cybersecurity firm, HackerOne, to improve security on the public-facing websites of the Marine Corps Enterprise Network (MCEN). The program began with a live hacking event in Las Vegas, Nevada on Sunday. This kickoff event featured nearly 100 white hat hackers who spent nine hours testing and probing the Marine Corps’ public-facing websites for security vulnerabilities. The hackers filed 75 unique valid security vulnerability reports that day, winning more than $80,000 in prize money for their efforts. The bug bounty program continues until August 26th.
HackerOne co-founder Michiel Prins during his presentation “Tapping Hackers to Improve Security” at FinDEVr London 2017.
Hack the Marine Corps is part of the Hack the Pentagon crowdsourced cybersecurity program initially launched by the Department of Defense’s Defense Digital Service (DDS) and HackerOne in 2016. The Marine Corps commitment to improving cybersecurity has grown since then to include the creation of a cyberspace career track for service members. In fact, during the Vegas event, members of the U.S. Marine Corps Cyberspace Command (MARFORCYBER) worked alongside the invited security professionals on both offensive and defensive cyber teams.
“Information security is a challenge unlike any other for our military,” DDS Director Chris Lynch said. “Our adversaries are working to exploit networks and cripple our operations without ever firing a weapon. Sometimes, the best line of defense is a skilled hacker working together with our men and women in uniform to better secure our systems.” More than 5,000 vulnerabilities have been reported in government systems since Hack the Pentagon was launched.
In addition to Hack the Pentagon and Hack the Marine Corps, bug bounty challenges have also been launched with the Army (December 2016), the Air Force (April 2017), and, this spring, the Defense Travel System.
Founded in 2012, San Francisco, California-based HackerOne participated in our developers conference, FinDEVr London, last summer. The company’s presentation, Tapping Hackers to Improve Security, underscored the role and value of bug bounty programs as part of a comprehensive strategy to develop an effective cybervulnerability disclosure program.
More than 1,000 organizations including Google, Nintendo, Lufthansa, and Starbucks have leveraged HackerOne’s white hat hackers to find and fix vulnerabilities before they are discovered by cybercriminals. HackerOne has helped companies resolve more than 76,000 vulnerabilities, resulting in the awarding of more than $32 million in bug bounties to ethical hackers.