On Wednesday, the United States Air Force became the latest division of the U.S. Armed Forces to announce a public-facing bug bounty program. The program, Hack the Air Force, invites vetted white hat security experts to hack key public-facing Air Force websites.
“We are excited to partner with and mobilize the best talent from across the nation and our partners and give them opportunities to serve and strengthen our national defense,” said Lisa Disbrow, acting secretary of the Air Force in a prepared statement.
The initiative will be an invite-only program managed by HackerOne, which also ran Hack the Pentagon and Hack the Army. The Air Force’s bounty program will select from applicants from the U.S. and for the first time security experts from outside the U.S. from countries such as the United Kingdom, Canada, Australia and New Zealand.
Cash rewards for the program were not announced. However, the Hack the Pentagon bug bounty program included more than 1,400 registered hackers and paid out $75,000 in total bounties to an undisclosed number of participating hackers, according to the Air Force.
The Hack the Air Force initiative is part of a Cyber Secure campaign sponsored by the Air Force. Interested participants must register through the program’s official HackerOne webpage starting on May 15. The contest runs from May 30 to June 23. According to the Air Force, monetary rewards and the specific scope of the Hack the Air Force program won’t be announced until the challenge starts on May 30.
“This is the first time the AF has opened up our networks to such a broad scrutiny,” said Peter Kim, chief information security officer with the Air Force. “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture.”
Kim said past public bug bounty programs run by the U.S. government were crucial when it came to competing with companies such as Facebook and Google for talent.
Kim made the announcement at a launch event at HackerOne’s San Francisco headquarters on Wednesday.