The Hack the Pentagon program that was initiated a few months ago by the Department of Defense has started bringing in results. High tech hackers who felt they could breach the security wall of the DoD signed up. And it seems they did a good job as they managed to find 138 different security gaps, according to the Defense Secretary Ash Carter.
The hackers, known as white hat hackers were given a chance to do as they please with the network servers of the Pentagon, and for their endeavors, they would get various bounties all depending on the type of vulnerabilities they found. According to the Pentagon said 1,410 hackers had participated in the challenge, and it seems that the first gap had just been seen 13 minutes after the program had begun.
In total, the group managed to find 1,189 flaws but after review by the Pentagon, only 138 of them were deemed to be valid and unique. The program is also said to have cost $150,000. The breakdown of the money spent was as such: approximately half of it was given out to hackers as bounty rewards. The highest bounty received was $15,000, and it was also the maximum on offer. Other hackers received their bounty depending on the flaw they had found. The lowest amount received was $100.
Carter said that the bugs that were paid bounties for were the ones which the department had no clue about before and they now have an opportunity to fix the problems. He said that the bounty program had been highly successful because the process had been efficient and convenient. It’s surely better than finding out the hard way he said.
The program marked the first time that the federal government had employed a program of this sort. Many of the tech companies, however, have already been using the program to help themselves uncover some unknown flaws.
The Hack the Pentagon bounty program is going to be followed by some few initiatives which will include giving hackers a chance to report any security gaps they find in the system at the DoD without any prosecution levied on them. The department is also willing to expand the bounty program to the military services and urge the contractors also to employ the program.
Some of the hackers came from various groups and backgrounds. One of the hackers who participated was David Dworken, who recently graduated from high school. He managed to report six vulnerabilities, but other hackers had already reported them. But he didn’t feel discouraged; rather he said that the experience had been good as he could network and build a reputation for himself. He said he had already managed to secure some internships over the summer because of the program.