Dive Brief:
- The Department of Defense announced Friday plans to expand its Hack the Pentagon program.
- The initial program, which ran from April 18 to May 12, invited pre-approved security researchers to find potential security flaws in five DOD websites.
- The Pentagon handed out $70,000 in rewards, after 1,400 participating researchers discovered nearly 140 bugs during the contest.
Dive Insight:
Companies such as Facebook, Microsoft and Google have conducted bug bounties for years. But the adoption of such programs by government agencies highlights organizational confidence in outside security researchers. Rather than tasking internal personnel with searching for flaws in systems they regularly work with, organizations can tap outside researchers to test a system's strength. The organization then pays a reward only if a flaw is found.
The DOD received its first submission within 15 minutes of the program’s launch on April 18, according to The Hill.
The Pentagon said it plans to conduct similar exercises involving more of its computer systems and networks, including those in military branches, according to the announcement.
Defense Secretary Ashton Carter, speaking at a Washington, D.C. tech forum earlier this month, praised the program and the white hat hackers who participated.
"They are helping us to be more secure at a fraction of the cost," Carter said. "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters."