More Than 150 Vulnerabilities Discovered in US Marine Corp Websites (sensorstechforum.com)
39 points by koin0r on Oct 5, 2018 | 10 comments



>Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over $150,000 for their findings, HackerOne wrote.

This is why we keep having breaches. 20 days for $1k apiece? (yeah, yeah... I know they could have worked 2 minutes of the 20 days...)

But for real why are companies' bounties so low? Those breaches could have cost millions.


I would guess that a breach is a write-off or covered by insurance, whereas a bounty probably comes out of someone's budget.


The payouts aren't evenly distributed. A lot of the "hackers" are students and dropouts doing this to have something great on their resume.

This guy got $9,000 in 20 days apparently.

https://twitter.com/ratherbeonline


For security work $1000 / day is pretty low.


As the parent points out, it's not bad for an intern's salary.


I'm not surprised about the number of vulnerabilities, but I am happily surprised that the Marines chose to do a bug bounty hackathon! Very cool.


I hope we see more of this. It only allows us to strengthen what's publicly accessible which might open up doorways to who knows what as a result.


I recently discovered that the Marines have a recommended reading list:

https://www.marines.mil/News/Messages/Messages-Display/Artic...


Most armed forces have reading lists.


Contract goes to the lowest bidder.



