'Hack the Army' Becomes Latest Defense Bug Bounty

The US Army is launching its first-ever bug bounty challenge in partnership with HackerOne.

The largest branch of the US military is the first to launch a program in the wake of the success of the “Hack the Pentagon” initiative. Hack the Pentagon was the first bug bounty program for the federal government, launched last spring. It allowed more than 1,400 registered hackers to test the defenses of select DoD websites. As a result of the pilot, 138 unique and previously undisclosed vulnerabilities were identified by security researchers and remediated in near real-time by the Defense Media Activity.

In October, the DoD also awarded a contract to bug-bounty platforms HackerOne and Synack to create a two-pronged program. The Crowdsourced Security Initiative includes bounties for flaws in public-facing properties, which will continue to be managed by HackerOne, and bounties for flaws found in mission-critical and sensitive IT assets, which is the larger of the two and will be run by Synack.

The Department of Defense has pledged to expand these programs to other departments, and Hack the Army is the first of these challenges. The Pentagon said that it would reveal details on how to participate in the challenge and eligibility requirements in the coming weeks.

“Working with the hacker community is an effective way to uncover vulnerabilities in even the most powerful organizations,” said Secretary of the Army, Eric Fanning. “Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the Army’s talented cybersecurity personnel are doing already.”
