Hackers helped the Pentagon to fix thousands of vulnerabilities

15 November 2017, 19:23 | Technologies 

Almost a year after the Pentagon launched its vulnerability disclosure program, the agency has received 2,837 credible vulnerability reports from some 650 hackers in 50 countries around the world, according to a press release on the HackerOne portal.

More than 100 of the discovered vulnerabilities were critical or posed a serious threat to the department's systems. Problems in almost 40 components of US Department of Defense systems allowed remote code execution, SQL injection and authentication bypass.

Most of the reports were submitted by researchers from the United States, India, Britain, Pakistan, the Philippines, Egypt, Russia, France, Australia and Canada.

The US Department of Defense's vulnerability disclosure program does not involve a monetary reward; it only provides a channel for reporting security problems without possible legal consequences. However, as part of the Pentagon initiative, several temporary programs were launched that did offer monetary rewards. Researchers who took part in these programs earned more than $300 thousand for almost 500 vulnerabilities in the department's systems.

The first such initiative was the Hack the Pentagon program, in which researchers earned about $75 thousand for 138 vulnerability reports. The department then launched the Hack the Army program, in which about $100 thousand was paid out for 118 vulnerabilities, and Hack the Air Force, in which participants found 207 vulnerabilities, earning a total of $130 thousand.

After the success of these programs, US government agencies and legislative bodies showed increased interest in vulnerability reward programs.

The General Services Administration (GSA) launched a vulnerability search program that offers rewards ranging from $300 to $5 thousand. The US Department of Justice has also developed a mechanism to help organizations launch vulnerability detection programs.

Source: InternetUA