SecurityWeek

U.S. Army to Launch First Bug Bounty Program

Following the success of the “Hack the Pentagon” initiative, the United States Army has announced its intention to launch its first ever bug bounty program in the coming weeks.

The Department of Defense (DoD) last month awarded a combined $7 million contract to HackerOne and Synack for helping the organization’s components launch bug bounty programs similar to Hack the Pentagon. The U.S. Army’s program, conducted in partnership with HackerOne, is the first of these projects.

The goal of the bug bounty program, dubbed “Hack the Army,” will be to complement the work of the Army’s own cybersecurity personnel.

No details have been provided so far, but Wired reported that “Hack the Army” will initially focus on recruitment websites and databases storing the personal information of both existing employees and new applicants. Other resources may be added to the scope of the program depending on its success.

Military and government personnel are accepted automatically, but the project is invitation-only for other security experts.

The Hack the Pentagon challenge, which took place in April and May, was led by the Defense Digital Service and allowed anyone to register. Over 1,400 hackers signed up for the pilot program and more than 250 of them submitted at least one vulnerability report. Of the total number of submissions, 138 were valid and eligible for a bounty.

The cost of the Hack the Pentagon pilot was $150,000, half of which went to participants. The DoD believes it would have cost at least $1 million to hire an outside contractor to perform the same type of vulnerability testing.

Unlike governments, the private sector has long recognized the benefits of running vulnerability reward programs. Major players, such as Yahoo, Google and Facebook, have already paid out millions to researchers who contributed to making their systems and products more secure.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
