The US Department of Defense (DoD) has launched a new website to help organizations within the department launch bug bounty programs and recruit security researchers.
The new Hack the Pentagon (HtP) website, launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), is meant as a companion for the DoD’s long-running bug bounty program with the same name.
Initially launched in 2016, the DoD’s bug bounty program has resulted in more than 1,600 white hat hackers reporting over 2,100 vulnerabilities in Pentagon systems and assets and earning over $650,000 in bounty payments.
Vetted security researchers have identified issues in networks, planes, next-generation secure hardware, power and HVAC systems, water facilities, and more.
“DDS built the HtP website as a resource for Department of Defense organizations, vendors, and security researchers to learn how to conduct a bug bounty, partner with the CDAO DDS team to support bug bounties, and participate in DoD-wide bug bounties,” DoD says.
Previously, the DoD’s bug bounty program ran on a project-by-project basis, but the new website will help the department run continuous programs, offering access to lessons learned and best practices, and helping DoD organizations recruit security researchers for their bug bounty programs.
To date, the DoD has run more than 40 bug bounty projects, including Hack the Pentagon (at its third installment this year), Hack the Air Force, Hack the Army, Hack the Marine Corps, Hack the Defense Travel System, Hack DHS, and Hack US.