Marines launch bug bounty at Las Vegas event

The Marine Corps is the latest military service to join in on the trend of hosting a public bug bounty.

The Hack the Marine Corps program, jointly created by the Department of Defense and vulnerability disclosure platform company HackerOne, launched Aug. 12 with a live hacking event in Las Vegas on the heels of the annual Black Hat and DEF CON hacker conventions. Hackers discovered 75 unique vulnerabilities during the event worth more than $80,000 in prizes. 

Roughly 100 “hand-selected” hackers spent nine hours exposing vulnerabilities in the Marine Corps’ websites and public services connected to theMarine Corps Enterprise Network. They were split into offensive and defensive teams, working alongside Marines from the U.S. Marine Corps Cyberspace Command (MARFORCYBER). 

“What we learn from this program will assist the Marine Corps in improving our warfighting platform, the Marine Corps Enterprise Network,” said Maj. Gen. Matthew Glavy, commander of MARFORCYBER. “Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces, and minimize future vulnerabilities. It will make us more combat ready.”

The program is part of the wider Hack the Pentagon initiative, launched by HackerOne and the Defense Digital Service in 2016. The partnership has also hosted bug bounties with the Pentagon, the Army, the Air Force, the defense travel system.

“Sometimes, the best line of defense is a skilled hacker working together with our men and women in uniform to better secure our systems,” said DDS Director Chris Lynch. “We’re excited to see Hack the Pentagon continue to build momentum and bring together nerds who want to make a difference and help protect our nation.”

Hack the Marine Corps will continue until August 26.