DoD issues call for hackers to dig into networks
The Defense Department is offering monetary rewards to ethical hackers who discover critical or severe vulnerabilities within the massive agency’s networks.
The Pentagon’s inaugural “Hack U.S” program — run in conjunction with bug bounty platform HackerOne and under the auspices of the department’s vulnerability disclosure program — launched on Monday.
The pilot effort kicked off with $110,000 in funds up for grabs. Researchers will receive $1,000 for each flaw they find and report and $500 for any “high severity” weaknesses they uncover. Hackers can also earn $3,000 for what DoD calls “additional specialty categories” as well as one grand prize bonus of $5,000.
The bug bounty is the latest attempt by the Pentagon to use “white hat” hackers to shore up its vast ecosystem of systems against potential digital threats, especially foreign adversaries like Russia and China.
In May, DoD and HackerOne announced that a year-long bug bounty program that scrubbed a tiny position of the sprawling U.S. defense industrial base uncovered more than 400 valid vulnerabilities.
Last year, the organization formerly known as the Defense Digital Service reoriented an ongoing bug bounty to allow participants to sniff out Log4j vulnerabilities across potentially thousands of public-facing military websites.
That organization was rolled under the Pentagon’s newly created Chief Digital and Artificial Intelligence Officer (CDAO) late last year and is now known as the CDAO Directorate for Digital Services.
The reconfigured office is administering the new bug bounty program, along with DoD’s Cyber Crime Center and HackerOne.
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.