Defense Department's bug bounty program draws more than 500 hackers

Dive Brief:

  • HackerOne, the company hired to manage the "Hack the Pentagon" program, said about 500 people have signed up for the bug bounty program so far and undergone the required background checks, according to an eWEEK report.

  • However, neither HackerOne nor the Pentagon has revealed whether any security flaws have been identified so far.

  • The program, the first of its kind offered by the federal government, invites hackers to test the cybersecurity of some public U.S. Department of Defense websites.

Dive Insight:

Hack the Pentagon started April 18 and will run through May 12. Hackers are expected to find flaws in the Pentagon's security systems. Alex Rice, chief technology officer and co-founder of HackerOne, said that it would be unusual for no vulnerabilities to be found.

"What I can say is that we haven't seen any of (these programs) launched, even those with a smaller number of individuals, where the researchers have found nothing," Rice told eWEEK.

While Hack the Pentagon is the federal government’s first bug bounty program, it likely won’t be its last, as the threat landscape continues to evolve and government systems continue to lack adequate security. A report released earlier this month by security risk benchmarking startup SecurityScorecard found U.S. federal, state and local government agencies rank lowest in cybersecurity when compared to the private sector.

The Pentagon has set aside $150,000 in award funding for those who can hack the system and share details of the vulnerabilities with DoD officials.

"I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security," Defense Secretary Ash Carter said in a statement unveiling the pilot program on March 2.
