Statistics are in from the Army’s first bug bounty program, and the program appears to have been a success.
Bug bounty programs award cash prizes to hackers who reveal security holes in an organization's products and infrastructure. During a three-week program that ended Dec. 21, the Army received 118 valid vulnerabilities to patch.
Though payouts are still being assessed, hackers earned "around $100,000" for their troubles, according to a press release from the company that administered the program.
Like the “Hack the Pentagon” program that came before it, the hackers who participated in the “Hack the Army” program were vetted in advance. Unlike Hack the Pentagon, Hack the Army focused on more valuable systems — online databases and recruitment sites rather than websites not designed to manage data.
The Hack the Pentagon program was administered by HackerOne, a company that facilitates bug bounty programs. In October, the Department of Defense announced a contract with HackerOne and the firm Synack to expand the bounty programs in the months ahead.