US DoD Unveils Website For Hack the Pentagon Bug Bounty Program

Written by

The US Department of Defense (DoD) has launched a website to accompany its Hack the Pentagon (HtP) program.

The Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), Craig Martell, unveiled the website last Thursday. It will be a resource for DoD organizations, vendors and security researchers to understand how to conduct a bug bounty. 

The site will also enable partnerships with the CDAO DDS team to support and participate in DoD-wide bug bounties.

“With the HtP website launch, CDAO is scaling a long-running program, which historically offered services on a project-by-project basis, by offering the Department better access to lessons learned and best practices for hosting bug bounties,” Martell said. 

“The website helps equip DoD to run continuous bug bounties as part of a larger comprehensive cybersecurity strategy.”

Read more on the HtP program here: US to Launch Third Iteration of 'Hack the Pentagon' Bug Bounty Program

The DDS also explained that, beyond its educational purposes, the new website also aims to engage and recruit technical talent.

“Through Hack the Pentagon, we’re building a global talent pipeline for cybersecurity experts to contribute to our national defense outside of traditional government career paths,” commented Jinyoung Englund, acting director of CDAO DDS.

According to a blog post published by the Directorate last Thursday, Hack the Pentagon has supported over 40 bug bounties since its launch in 2016. More than 1400 ethical hackers participated in these programs and have collectively discovered roughly 2100 vulnerabilities.

The second iteration of the Hack the Pentagon program was unveiled in 2018. The DDS became part of the CDAO organization in June 2022.

The launch of the new Hack the Pentagon website comes months after the DoD updated its CMMC 2.0 program. The changes were discussed in a recent guest post on Infosecurity by Matthew Hodson, CIO of Valeo Networks.

What’s hot on Infosecurity Magazine?