The “Hack the Pentagon” bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure.
In March, the Defense Department launched what it calls “the first cyber Bug Bounty Program in the history of the federal government,” inviting hackers to take up the challenge of finding bugs in its networks and public-facing websites that are registered under DoD.
Around 1,400 white hat (ethical) hackers participated in the Hack the Pentagon program and were awarded up to $15,000 for disclosures of the most destructive vulnerabilities in DoD’s networks, Defense Secretary Ashton Carter said at a technology forum on Friday.
“They are helping us to be more secure at a fraction of the cost,” Carter said. “And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters.”
The Hack the Pentagon program, hosted on bug bounty platform HackerOne, was open between April 18 and May 12, 2016. All participants were required to pass a background check.
Although hackers and bug hunters were permitted to hack the agency’s web properties, critical and highly sensitive systems of the Pentagon were out of bounds for the bounty program.
When Hack the Pentagon was initially announced in March, Carter said he believed this effort would “strengthen our digital defenses and ultimately enhance our national security.” And yes, it did.