Author Topic: Pentagon Launches First-of-Its-Kind Bug Bounty Program  (Read 497 times)

rangerrebew

« on: March 06, 2016, 10:22:12 pm »
Pentagon Launches First-of-Its-Kind Bug Bounty Program

http://www.defenseone.com/technology/2016/03/pentagon-launches-first-its-kind-bug-bounty-program/126395/?oref=d-channelriver

March 3, 2016
By Aliya Sternstein
Nextgov

The idea is to find and fix vulnerabilities before the bad guys do. Certain restrictions apply.

Challenged by hackers and staffing shortages, the Pentagon is inviting plainclothes techies to a competition where they can poke around military code for security bugs. The idea is to find and fix vulnerabilities unknowingly inserted in software before the bad guys do.
The contest draws inspiration from “bug bounty” programs in the private sector open to hobbyists and professional penetration testers. Microsoft, for instance, offers a reward of up to $100,000 for attacking its software. General Motors earlier this year launched a car-hacking program that seeks glitch reports but doesn’t yet pay for them.

The military’s new “Hack the Pentagon” program, unveiled Wednesday, potentially could offer cash prizes, according to a Defense Department announcement. Perhaps some of those bucks could come from the nearly $7 billion Pentagon Secretary Ash Carter expects to spend on cybersecurity in 2017.

Only citizens willing to undergo a background check will be allowed to scour Pentagon computer programs for security vulnerabilities, according to Defense. Participants will not be angling for bugs in the F-35, but rather scrutinizing weaknesses in Defense webpages. The venture marks the first U.S. government foray into bug hacking, the department says.

The “controlled, limited duration” trial will provide screened hackers access to a pre-selected system, according to the Pentagon. No national security applications or other critical, “mission-facing” systems will be tested.

It is unclear what the screening process will entail or whether participation will be contingent on drug testing. Defense officials said details on eligibility rules will be out in coming weeks.
« Last Edit: March 06, 2016, 10:23:05 pm by rangerrebew »