Adds Bugcrowd, HackerOne, and Synack to bug bounty program

Oct 24, 2018 19:55 GMT

Following a U.S. Government Accountability Office (GAO) report that major Department of Defense (DOD) weapon systems under development suffer from mission-critical vulnerabilities, the DOD has announced the expansion of the Hack the Pentagon program.

DOD's Hack the Pentagon crowdsourced security program is designed to accelerate the identification and patching of security vulnerabilities in DOD assets and websites, leveraging security knowledge from the private sector.

The Defense Department pays all security researchers it accepts into its bug bounty program for every discovered and disclosed security issue, and it intends to use the program to develop further crowdsourced security tactics.

Hack the Pentagon is the first-ever federal bug bounty program, launched by the DOD in 2016, and it was followed by the Vulnerability Disclosure Policy that makes it possible for security researchers to detect and disclose vulnerabilities in Internet-facing systems.

Following the initial launch of the Hack the Pentagon program, the Defense Department received information on thousands of security bugs, which it was able to patch, reducing the attack surface of a multitude of public-facing systems.

The expanded Hack the Pentagon program allows the DOD to also assess vulnerabilities of hardware and physical systems

"Finding innovative ways to identify vulnerabilities and strengthen security has never been more important," said Chris Lynch, Defense Digital Service Director.

"When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department."

According to DOD's announcement, Bugcrowd, HackerOne, and Synack are the three private sector hacking platforms and communities included in the new federal contract.

The three platforms, which are now part of the expanded DOD program, will allow the Defense Department to "run assessments on broader range of assets such as hardware and physical systems."