US Department of Defense launches bug bounty program

Earlier this year, Hack the Pentagon was a pilot bug bounty scheme that involved some 1,400 security experts who detected 138 genuine vulnerabilities. The program was so successful that the US Department of Defense has now officially launched, in partnership with bug bounty platform HackerOne, Hack the Army, the first bug bounty program to focus on army domains, which will run from November 30 to December 21.

The new Vulnerability Disclosure Policy, a first for the US government, will authorize approximately 500 hackers to probe specific high-priority networks for software vulnerabilities in exchange for financial rewards.

“This is a historic moment for hackers and the U.S. government,” Katie Moussouris, adviser to the Pentagon, said about the Vulnerability Disclosure Policy. “For the first time since hacking became a felony offense over 30 years ago, the Department of Defense has now opened the doors for ongoing vulnerability disclosure from helpful hackers who want to help secure these systems without fear of legal prosecution.”

Although it mirrors the pilot scheme, Hack the Army will be “focused on more operationally relevant websites – specifically those affecting the Army’s recruiting mission,” the agency’s press release announces. By detecting and fixing vulnerabilities early on, the Department of Defense aims to strengthen its cybersecurity strategy.

Hack the Army is the first bug bounty program launched by a US governmental bureau based on “a ‘see something, say something’ policy for the digital domain,” Secretary of Defense Ash Carter said. “We want to encourage computer security researchers to help us improve our defenses. This policy gives them a legal pathway to bolster the department’s cybersecurity and ultimately the nation’s security.”