The Department of Defense’s first-ever “Hack the Pentagon” event, a so-called “bug bounty” project in which the DoD is partnering with security firm HackerOne, kicks off today. It will last until May 12 and represents the first time the federal government has ever pursued such an arrangement.
Alex Rice, CTO and founder of San Francisco-based HackerOne, previously told Inverse that thousands of hackers would be participating in the program by HackerOne’s invitation. “Bug bounty” programs have been around for a while, capitalizing on hackers’ expertise to shore up companies’ software vulnerabilities, and now the DoD wants in on that competitive edge. Hackers are now chasing a reward as large as $150,000 for finding crucial vulnerabilities.
The Washington Times reported that the background checks for would-be government hackers are fairly strict, which is pretty understandable. Tech giants like Google and Facebook, and a host of their peers, have employed these types of programs for some time now. Uber recently dangled $10,000 in front of hackers who were prompted to follow a “treasure map” to pin down potential weaknesses.
The DoD stated in a press release that the lucky winner(s) would be paid by June 10.
“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” the press release quoted Secretary of Defense Ash Carter as saying. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”
SFGate reported ahead of the start date that HackerOne executive Katie Moussouris had left the company, though she’ll remain a part of “Hack the Pentagon” due to her long-standing involvement in the program as it took shape.