U.S. Army to Launch First Bug Bounty Program

Following the success of the “Hack the Pentagon” initiative, the United States Army has announced its intention to launch its first ever bug bounty program in the coming weeks.

The Department of Defense (DoD) last month awarded a combined $7 million contract to HackerOne and Synack for helping the organization’s components launch bug bounty programs similar to Hack the Pentagon. The U.S. Army’s program, conducted in partnership with HackerOne, is the first of these projects.

The goal of the bug bounty program, dubbed “Hack the Army,” will be to complement the work of the Army’s own cybersecurity personnel.

No details have been provided so far, but Wired reported that “Hack the Army” will initially focus on recruitment websites and databases storing the personal information of both existing employees and new applicants. Other resources may be added to the scope of the program depending on its success.

Military and government personnel are accepted automatically, but the project is invitation-only for other security experts.

The Hack the Pentagon challenge, which took place in April and May, was led by the Defense Digital Service and allowed anyone to register. Over 1,400 hackers signed up for the pilot program and more than 250 of them submitted at least one vulnerability report. Of the total number of submissions, 138 were valid and eligible for a bounty.

The cost of the Hack the Pentagon pilot was $150,000, half of which went to participants. The DoD believes it would have cost at least $1 million to hire an outside contractor to perform the same type of vulnerability testing.

Unlike governments, the private sector has long recognized the benefits of running vulnerability reward programs. Major players, such as Yahoo, Google and Facebook, have already paid out millions to researchers who contributed to making their systems and products more secure.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
