The hacker who found the vulnerabilities was participating in the Army’s first-ever bug bounty program, Hack The Army, a challenge that invites security researchers to put their skills to the test and pays them for their efforts. Defense Department security teams are trained to react swiftly to unexplained traffic on their networks, and not all of the Department’s 3.2 million members knew the bug bounty was underway, so the panic was understandable. But the Army sanctioned and even celebrated the hack of its recruitment website - it meant the bug bounty program was working.

“Frankly, my reaction was, ‘Great,’” Secretary of the Army Eric Fanning explains. “A lot of people’s first reaction to Hack The Army was, ‘Why would you invite people to hack you?’ Well, we’re being hacked every day, all day long, by people who are wishing to do us harm. So this idea of setting up this competition, vetting the participants, and then being in a situation where they tell us what they find is great. If they’re not finding vulnerabilities and, in some cases, finding vulnerabilities that really surprise us, then I don’t think the competition is doing all that we want it to do.”

Secretary of the Army Eric Fanning displays the coin given to successful Army hackers.

Fanning’s reaction represents an evolution in the way government - following the lead of tech companies like Google and Facebook - views security research. Government agencies and private industry giants haven’t always been so nonchalant about getting hacked. Fears of foreign hackers have consumed Capitol Hill in the wake of large-scale data theft from the Office of Personnel Management and the Democratic National Committee, and companies have responded to bug reports with legal threats.

Although many larger firms have established programs today that allow for safe vulnerability disclosure, hackers still have reasonable fears about prosecution and prison time. “The shadow of that still lingers very strongly with security researchers,” says Alex Rice, the chief technology officer of HackerOne. “The risk is significant, and that’s true for the industry and especially for the government.”

HackerOne is one of several companies that offer bug bounty as a service, pairing the likes of Twitter, Uber and Dropbox with hackers who will test their sites and services for vulnerabilities. One of HackerOne’s latest clients is the Defense Department, which launched its first bug bounty, Hack The Pentagon, last spring and followed it with Hack The Army in November.