DoD launches bug bounty program for Army systems

Nov 22, 2016 13:14 GMT
The US wants to increase its domain security with help from white-hat hackers

The United States Department of Defense (DoD) and partner company HackerOne announced a new bug bounty program that offers rewards to hackers who manage to break into US Army domains and find unpatched vulnerabilities.

The so-called Hack the Army bug bounty challenge was originally announced on November 11 by Secretary of the Army Eric Fanning, but starting today, hackers can register for the first phase of the program.

Only 500 security researchers will be included in the first part of the program, but the US DoD says that, depending on how this goes, it could expand the program with more seats.

HackerOne does not disclose the financial rewards that would be given to hackers who manage to break into US Army systems, but the company does mention that they will be able “to earn thousands of dollars in cash,” so it’ll probably be worth it to find a vulnerability in one of the domains.

Improving the security of US Army systems

Additionally, the firm didn’t mention which vulnerabilities it’s specifically interested in and which are eligible for financial compensation, but it goes without saying that the typical ones are the most important, including remote code execution flaws that could allow attackers to compromise the systems.

The DoD Vulnerability Disclosure Policy says that the program concerns any public-facing website owned, operated, or controlled by the department, and hackers should by no means leak any details they find.

“This is an effort for the U.S. Department of the Army to explore new approaches to its security, and to adopt the best practices used by the most successful and secure software companies in the world. By doing so, the U.S. Army can ensure its systems and warfighters are as secure as possible,” the Hack the Army program page explains.

The initial phase of the program starts Wednesday, November 30, 2016, at 12:00 (noon) Eastern Standard Time and ends Wednesday, December 21, 2016, at 17:00 Eastern Standard Time.