The US Department of Defense has selected HackerOne for its highly anticipated ‘Hack the Pentagon’ bug bounty pilot.
This marks the first bug bounty programme in the history of the US federal government.
20-day bug bounty pilot in April 2016
The contract calls for HackerOne to enhance the department’s cybersecurity by inviting qualifying hackers to participate in a 20-day bug bounty pilot beginning 18 April 2016. The registration site is now live and can be accessed at hackerone.com/hackthepentagon.
Under the programme, HackerOne will identify qualified participants to conduct vulnerability identification and analysis on select web properties. The ‘Hack the Pentagon’ initiative is being led by the department’s Defense Digital Service, launched by Secretary Carter last November.
Bug bounty programmes as an effective security practice
Bug bounty programmes have been embraced as an effective security practice for identifying vulnerabilities in Internet-connected systems. These community-led programmes empower and incentivise technically skilled citizens to find and report security vulnerabilities so they can be safely resolved.
“Collaboration and transparency with external finders has become essential to securing connected software on the Internet,” said Marten Mickos, CEO, HackerOne. “Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most powerful organisations, but also signals deeply promising progress for all of software security.”
Edited from press release by Cecilia Rehn.