In an effort to find more security flaws in its defense systems, the US Department of Defense (DoD) has decided to expand its Hack the Pentagon program to include more of its systems and networks.
The program pays hackers to find and report the vulnerabilities in exchange for payment from the US government. So far the program has proven to be quite effective with the the first bug in the DoD’s systems and networks being discovered a mere 13 minutes after its launch.
Hack the Pentagon began as a pilot program that was only scheduled to run from April 18 to May 12 across five different DoD websites. Now the department has decided to extend the program indefinitely, allowing it to continuously discover and patch vulnerabilities in order to build up its defenses against cyber attackers. The DoD plans on adding more websites as well as systems to Hack the Pentagon.
In regard to the success of the pilot program and its future as a permanent fixture at the department, a DoD spokesperson says: “Although the pilot was a success, it only tested the crowdsourced security concept against public-facing websites. We believe the concept will be successful when applied to many or all of DoD’s other security challenges”.
HackerOne, a vulnerability disclosure company known for its bug bounty platform, was in charge of administering the Hack the Pentagon pilot. It found that during the course of the pilot, hackers were able to generate 138 unique bug reports while the DoD paid out a total of $71,200 to hackers in bounties.
In order to facilitate the program’s expansion, the DoD is developing a vulnerability disclosure process, expanding the bug bounty program, and will begin offering incentives to its contractors that allow their systems to be tested.
Hack the Pentagon is the first time that the US government has ever considered the idea of a commercial bug bounty program intended for hackers, making the US less prone to security vulnerabilities while at the same time providing hackers with a way to earn a living while aiding the law.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Photo credit: Frontpage / Shutterstock