The U.S. Department of Defense (DOD) announced on Wednesday plans to expand its successful ‘Hack the Pentagon’ crowdsourced security program. The program, which was launched in 2016 as the federal government’s first bug bounty initiative, aims to identify and resolve security vulnerabilities across targeted DOD websites and assets.
DOD awarded contracts to three private-sector Silicon Valley firms – Bugcrowd, HackerOne, and Synack – to boost the department’s capacity to run bug bounties aimed at strengthening security for internal DOD assets.
The private sector partnerships will allow DOD to leverage the collective hacking communities and platforms of the three firms, enabling the department to tap into a wide variety of expertise and technical specialization as security assessments scale in type and complexity.
Since its launch, the Hack the Pentagon program has enabled the DOD to identify and remedy thousands of security vulnerabilities. The program pays cash to highly vetted security researchers or ‘ethical hackers’ to discover and disclose bugs.
Chris Lynch, Director of the Defense Digital Service, said, “Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department.”
The contract awards announced will expand the program scope and capacity for bounties targeting private DOD assets, which include tailored and bespoke products and systems for meeting defense mission needs.
The enhanced program will enable DOD components to run continuous, year-long assessments of high-value assets, and allow the department to run assessments on a broader range of assets such as hardware and physical systems.
In conclusion, the U.S. Department of Defense’s Hack the Pentagon bug bounty program has been successful and is expanding to further strengthen the security of internal DOD assets by partnering with three private-sector Silicon Valley firms.
The expansion will enable the department to leverage the collective hacking communities and platforms of the three firms, providing a wider variety of expertise and technical specialization as security assessments scale in type and complexity.