Statement by Pentagon Press Secretary Peter Cook on DoD's Partnership with HackerOne on the "Hack the Pentagon" Security Initiative
U.S. Department of Defense sent this bulletin at 03/31/2016 02:19 PM EDTYou are subscribed to News Releases for U.S. Department of Defense.
This information has recently been updated, and is now available.
|
||
Statement by Pentagon Press Secretary Peter Cook on DoD's Partnership with HackerOne on the "Hack the Pentagon" Security Initiative
The Department of Defense (DoD) announced today that interested participants may now register to compete in the "Hack the Pentagon" pilot. The pilot, designed to identify and resolve security vulnerabilities within DoD websites through crowdsourcing, is the first bug bounty program in the history of the federal government. DoD is partnering with HackerOne, a reputable Bug Bounty-as-a-service firm based out of Silicon Valley, to run the Hack the Pentagon pilot over the next several weeks.
The Hack the Pentagon bug bounty pilot will start on Monday, April 18 and end by Thursday, May 12. Qualifying bounties will be issued by HackerOne no later than Friday, June 10. The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches. Critical, mission-facing computer systems will not be involved in the program. HackerOne has set up a registration site for eligible participants. Eligible participants must be a U.S. person, and must not be on the U.S. Department of Treasury's Specially Designated Nationals list, a list of people and organizations engaged in terrorism, drug trafficking and other crimes; U.S. citizens and companies are prohibited from doing business with listed entities. In addition, successful participants who submit qualifying vulnerability reports will undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely. Screening details will be communicated in advance to participants, and participants will have the ability to opt-out of any screening, but will forgo bounty compensation. The registration site is now live and can be accessed at https://hackerone.com/hackthepentagon. The Hack the Pentagon pilot is modeled after similar challenges conducted by some of the nation's biggest companies to improve the security and delivery of networks, products, and digital services. By providing a legal avenue for the responsible disclosure of security vulnerabilities, bug bounties engage the hacker community to contribute to the security of the Internet. Individual bounty payments will depend on a number of factors, but will come from the $150,000 in funding for the program. |
|