安德鲁·埃弗斯登

根据安全研究公司HackerOne在4月15日发布的新闻稿称,白帽黑客在美国空军的“ Hack the Air Force”计划的最新迭代中发现了460多个网络漏洞。

美国空军发布的“ Hack the Air Force 4.0”计划开放时间为10月23日至11月20日,共有60名安全研究人员在美国空军虚拟数据中心中搜索了漏洞。他们最终总共赚了290,000美元,这是迄今为止其漏洞赏金计划给出的最高金额。

该新闻稿称,在面对面的事件中,黑客可以从美国国防部的“特定资产”中寻找漏洞。该事件“为黑客提供了与同行和军事人员合作发现漏洞的机会”。

HackerOne联邦技术项目经理Jon Bottarini说:“美国空军提供了与黑客合作以增强安全性的一个很好的例子。美国国防部通过国防数字服务建立了广泛而强大的网络安全方法,今天,我们期待为黑客社区带来这项新挑战。”

通过四次“漏洞赏金”计划,美国空军已奖励黑客,他们共发现893个漏洞,总计奖励约654,000美元。

“美国空军要成为空中,太空和网络空间的领导者,创新和勇敢是美国空军的目标,”美国空军人力、人事和服务部副主任迈克尔·帕克(Michael Parker)表示。“与HackerOne合作这将使我们能够冒着必要的风险,在我们这边拥有一批黑客的保证下,加强防御。”

2017年5月,美国空军首次举办了“Hack the Air Force”活动。“Hack the Air Force4.0”是自2018年12月以来的第一次。

到目前为止,黑客已经通过美国国防部的“入侵五角大楼”计划发现了12,000个漏洞。


原文:

Ethical hackers find hundreds of vulnerabilities during latest Air Force bug bounty

Ethical hackers found more than 460 vulnerabilities in an Air Force platform during the most recent iteration of the “Hack the Air Force” program, according to a April 15 news release from security research company HackerOne.

Through “Hack the Air Force 4.0,” which ran from Oct. 23 to Nov. 20, 60 security researchers searched for vulnerabilities in an Air Force virtual data center. They ultimately earned a total of $290,000, the highest total given out through its bug bounty program so far.

At the in-person event, hackers could search for loopholes in a “specific asset” from the U.K. Ministry of Defence, the release said. The event “gave hackers the opportunity to collaborate with peers and military personnel to discover vulnerabilities," according to HackerOne.

"The U.S. Air Force provides an example of the proven impact of collaborating with hackers to bolster security,” said Jon Bottarini, federal technical program manager lead at HackerOne. “Through Defense Digital Service, the DoD has established an expansive and powerful approach to cybersecurity today, and we look forward to bringing this new challenge to the hacker community up for the task.”

Through the four ethical hacking events, the Air Force has awarded a total of about $654,000 in rewards to ethical hackers for discovering 893 vulnerabilities.

"It is the U.S. Air Force’s goal to be leaders, innovators and warriors in air, space and cyberspace,” said Michael Parker, chief information officer for U.S. Air Force deputy chief of staff for manpower, personnel, and services. “Partnering with HackerOne will allow us to take the necessary risks to harden our defenses with the assurance of a battalion of hackers on our side.”

The first Hack the Air Force event was in May 2017. Hack the Air Force 4.0 was the first event since December 2018.

So far, ethical hackers have discovered 12,000 vulnerabilities through the Department of Defense’s Hack the Pentagon initiative.

声明:本文来自网电空间战,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。