Following the success of the “Hack the Pentagon” initiative, the United States Army has announced its intention to launch its first-ever bug bounty program in the coming weeks.
The Department of Defense (DoD) last month awarded a combined $7 million contract to HackerOne and Synack for helping the organization’s components launch bug bounty programs similar to Hack the Pentagon. The U.S. Army’s program, conducted in partnership with HackerOne, is the first of these projects.
The goal of the bug bounty program, dubbed “Hack the Army,” will be to complement the work of the Army’s own cybersecurity personnel.
No details have been provided so far, but Wired reported that “Hack the Army” will initially focus on recruitment websites and databases storing the personal information of both existing employees and new applicants. Other resources may be added to the scope of the program depending on its success.
Military and government personnel are accepted automatically, but the project is invitation-only for other security experts.
The Hack the Pentagon challenge, which took place in April and May, was led by the Defense Digital Service and allowed anyone to register. Over 1,400 hackers signed up for the pilot program and more than 250 of them submitted at least one vulnerability report. Of the total number of submissions, 138 were valid and eligible for a bounty.
The cost of the Hack the Pentagon pilot was $150,000, half of which went to participants. The DoD believes it would have cost at least $1 million to hire an outside contractor to perform the same type of vulnerability testing.
Unlike governments, the private sector has long recognized the benefits of running vulnerability reward programs. Major players, such as Yahoo, Google and Facebook, have already paid out millions to researchers who contributed to making their systems and products more secure.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
