DoD issues call for hackers to dig into networks

The Defense Department is offering monetary rewards to ethical hackers who discover critical or severe vulnerabilities within the massive agency’s networks.

The Pentagon’s inaugural “Hack U.S” program — run in conjunction with bug bounty platform HackerOne and under the auspices of the department’s vulnerability disclosure program — launched on Monday. 

The pilot effort kicked off with $110,000 in funds up for grabs. Researchers will receive $1,000 for each flaw they find and report and $500 for any “high severity” weaknesses they uncover. Hackers can also earn $3,000 for what DoD calls “additional specialty categories” as well as one grand prize bonus of $5,000.

The bug bounty is the latest attempt by the Pentagon to use “white hat” hackers to shore up its vast ecosystem of systems against potential digital threats, especially foreign adversaries like Russia and China.

In May, DoD and HackerOne announced that a year-long bug bounty program that scrubbed a tiny position of the sprawling U.S. defense industrial base uncovered more than 400 valid vulnerabilities.

Last year, the organization formerly known as the Defense Digital Service reoriented an ongoing bug bounty to allow participants to sniff out Log4j vulnerabilities across potentially thousands of public-facing military websites. 

That organization was rolled under the Pentagon’s newly created Chief Digital and Artificial Intelligence Officer (CDAO) late last year and is now known as the CDAO Directorate for Digital Services. 

The reconfigured office is administering the new bug bounty program, along with DoD’s Cyber Crime Center and HackerOne.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Martin Matishak

Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.