Skip to main content
close search
site logo
Dive Brief

Bug bounty hunters discover over 100 security flaws during DOD contest

Published June 15, 2016
By
Contributing Editor
Flickr, chucka_nc

Dive Brief:

  • Participants in the first-ever "Hack the Pentagon" bug bounty contest found more than 100 vulnerabilities in the Defense Department’s computer systems, according to a report from RT.

  • The program, the first-ever of its kind offered by the federal government, invited hackers to test the cybersecurity of some public U.S. Department of Defense websites. 

  • A total of 1,400 certified hackers participated in the contest.

Dive Insight:

Hack the Pentagon started April 18 and ended May 12. Hackers were expected to find flaws in the Pentagon's security systems, and they succeeded, finding more than 100 of them. Alex Rice, chief technology officer and co-founder of HackerOne, which administered the contest, said that it would have been unusual if no vulnerabilities were found

Defense Secretary Ashton Carter, speaking at a Washington, D.C. tech forum Friday, praised the program and the white hat hackers who participated.

"They are helping us to be more secure at a fraction of the cost," Carter said. "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters."

While Hack the Pentagon is the federal government’s first bug bounty program, it likely won’t be its last, as the threat landscape continues to evolve and government systems continue to lack adequate security. Companies such as Facebook, Microsoft and Google have conducted bug bounties for years. In April, the Massachusetts Institute of Technology premiered its own bug bounty program. Uber even included a treasure map for its program. 

Though the program was generally successful in helping the Pentagon identify vulnerabilities, one hacker who participated in the program said the program definitely had room for improvement, especially around the rules of engagement.

"The bounty brief left some room for interpretation around, 'Is what I’m doing right now something that is okay or is it something that is potentially going to get me in trouble?'" said the hacker, who wished to remain anonymous, according to a report from Archer Security Group.  "The combination of that kind of vagueness and just generally mistrusting of the idea of the DoD doing this in the first place. There were a bunch of people that basically opted out." 

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Cosentino Drives Business Transformation with AI Powered by Celonis Process Intelligence
From Celonis
October 23, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell