
More Than 150 Vulnerabilities Discovered in US Marine Corp Websites - koin0r
https://sensorstechforum.com/150-vulnerabilities-us-marine-corp/
======
maerF0x0
>Over the 20 days of the hacking challenge, hackers reported nearly 150 unique
valid vulnerabilities to the U.S. Marine Corps Cyberspace Command
(MARFORCYBER) team and were awarded over $150,000 for their findings,
HackerOne wrote.

This is why we keep having breaches. 20 days for $1k apiece? (yeah, yeah... I
know they could have worked 2 minutes of the 20 days...)

But for real why are companies' bounties so low? Those breaches could have
cost millions.

~~~
ghostbrainalpha
The payouts aren't evenly distributed. A lot of the "hackers" are students and
dropouts doing this to have something great on their resume.

This guy got $9,000 in 20 days apparently.

[https://twitter.com/ratherbeonline](https://twitter.com/ratherbeonline)

~~~
jacquesm
For security work $1000 / day is pretty low.

~~~
archgoon
As the parent points out, it's not bad for an intern's salary.

------
jpmoyn
I'm not surprised about the number of vulnerabilities, but I am happily
surprised that the Marines chose to do a bug bounty hackathon! Very cool.

------
giancarlostoro
I hope we see more of this. It only allows us to strengthen what's publicly
accessible which might open up doorways to who knows what as a result.

------
melling
I recently discovered that the Marines have a recommended reading list:

[https://www.marines.mil/News/Messages/Messages-Display/Artic...](https://www.marines.mil/News/Messages/Messages-Display/Article/1184470/revision-of-the-commandants-professional-reading-list/)

~~~
chrisseaton
Most armed forces have reading lists.

------
HashBasher
Contract goes to the lowest bidder.

