Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

U.S. Army to Launch First Bug Bounty Program

Following the success of the “Hack the Pentagon” initiative, the United States Army has announced its intention to launch its first ever bug bounty program in the coming weeks.

Following the success of the “Hack the Pentagon” initiative, the United States Army has announced its intention to launch its first ever bug bounty program in the coming weeks.

The Department of Defense (DoD) last month awarded a combined $7 million contract to HackerOne and Synack for helping the organization’s components launch bug bounty programs similar to Hack the Pentagon. The U.S. Army’s program, conducted in partnership with HackerOne, is the first of these projects.

The goal of the bug bounty program, dubbed “Hack the Army,” will be to complement the work of the Army’s own cybersecurity personnel.

No details have been provided so far, but Wired reported that “Hack the Army” will initially focus on recruitment websites and databases storing the personal information of both existing employees and new applicants. Other resources may be added to the scope of the program depending on its success.

Military and government personnel are accepted automatically, but the project is invitation-only for other security experts.

The Hack the Pentagon challenge, which took place in April and May, was led by the Defense Digital Service and allowed anyone to register. Over 1,400 hackers signed up for the pilot program and more than 250 of them submitted at least one vulnerability report. Of the total number of submissions, 138 were valid and eligible for a bounty.

Advertisement. Scroll to continue reading.

The cost of the Hack the Pentagon pilot was $150,000, half of which went to participants. The DoD believes it would have cost at least $1 million to hire an outside contractor to perform the same type of vulnerability testing.

Unlike governments, the private sector has long recognized the benefits of running vulnerability reward programs. Major players, such as Yahoo, Google and Facebook, have already paid out millions to researchers who contributed to making their systems and products more secure.

Related Reading: Kaspersky in Search of Hackers for New Bug Bounty Program

Related Reading: Yelp’s New Bug Bounty Program Promises $15,000 Payouts

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.