The Marine Corps is the latest service to kick off a bug bounty program to uncover vulnerabilities in its network, with hackers already discovering 75 security flaws at an event last Saturday.
Hack the Marine Corps will run through August 26 and pay ethical hackers to find discover potential areas for cyber exploitation in the public-facing websites of the Marine Corps Enterprise Network (MCEN).
“Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cyber security posture. Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our warfighting platform, the Marine Corps Enterprise Network,” Maj. Gen. Matthew Glavy, commander of Marine Corps Forces Cyberspace Command, said in a statement.
The bug bounty program, the latest organized by HackerOne, which does bug bounty program coordination, and the Pentagon’s Defense Digital Service, began Saturday in Las Vegas where around 100 hackers spent nine hours digging into MCEN sites.
The hackers found 75 unique flaws which paid out $80,000 in rewards.
“Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces, and minimize future vulnerabilities. It will make us more combat ready,” Glavy said.
The Army’s bug bounty program, launched in December 2016, found 118 network vulnerabilities and paid out $100,000 to hackers. The Air Force held two ethical hacking exercises in 2017, where officials discovered over 300 vulnerabilities between the events.