Pentagon Launches Ambitions Bug Bounty Program.
The US Army Wants You!… To hack their networks, that is.
Last week, outgoing Secretary of the Army Eric Fanning announced plans to launch the U.S. Army’s first-ever bug bounty challenge.
A bug bounty, for the uninitiated, is a deal in which hackers compensation (and acknowledgment) for reporting exploits and vulnerabilities in an organization’s websites or software.
The Army’s program, launched in partnership with vulnerability coordination and bug bounty platform HackerOne, invites the hacker community to find unknown security vulnerabilities in the Army’s digital recruiting infrastructure and “supplement the great work the Army’s talented cybersecurity personnel are doing already,” says an announcement from HackerOne.
“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense,” Fanning said in a press conference, Wired reports. “We’re looking for new ways of doing business.”
The announcement comes hot on the heels of the Department of Defense’s successful “Hack the Pentagon” program, which encouraged hackers to probe the Pentagon’s public websites, and ended up nabbing 138 vulnerabilities during the 24-day program.
This bounty isn’t open to everyone, though. The program will start off as invite-only and, for obvious reasons, hackers wishing to participate will be vetted by Army. Military and government personnel, however, get automatic entry in the program.
Approved hackers will soon have a chance to earn “competitive bounties” for their efforts, HackerOne recommends interested parties visit the bug bounty’s official page for details on how to participate in the challenge and eligibility requirements, and for updates over the coming weeks.
Latest posts by Jeff Edwards (see all)
- CounterTack Releases New Endpoint Threat Platform - February 17, 2017
- 2017’s Top InfoSec Conferences and Events - February 15, 2017
- CrowdStrike Announces Enhanced Endpoint Machine Learning Capabilities and New Endpoint Protection Modules - February 13, 2017