Registration opens for DOD bug-bounty program
White-hat hackers have a chance to try their skills against the Defense Department with the opening of the "Hack the Pentagon" pilot, designed to identify and resolve security vulnerabilities in DOD websites.
The Pentagon is partnering with HackerOne, a San Francisco-based bug-bounty-as-a-service firm, to run the 20-day program. The company will identify qualified participants to conduct vulnerability analysis on select web properties and issue qualifying bounties from the $150,000 in funding for the program no later than June 10.
“The program will target several DOD public websites, which will be identified to the participants as the beginning of the challenge approaches,” Pentagon Press Secretary Peter Cook said. “Critical, mission-facing computer systems will not be involved in the program.”
Those who wish to participate must first apply, and participants who submit qualifying vulnerability reports will undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely, Cook said. Screening details will be communicated to participants in advance, he added, allowing participants to opt out of any screening. Those who decline screening will forgo bounty compensation.
Hack the Pentagon is based on bug-bounty programs in the private sector that reward efforts to discover weaknesses in software before adversaries do. “The objective here is to let the white hats help us find vulnerabilities before the black hats do,” Defense Secretary Ash Carter said when the program was first announced.
"This initiative will put the department's cybersecurity to the test in an innovative, but responsible way," Carter said of the program. "I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot."
The Hack the Pentagon bug-bounty pilot will start on April 18 and end on May 12. Participants can register here.