The Pentagon's crowd-sourced bug bounty program has attracted a lot of researchers. Up to 500 researchers are now looking to exploit the Pentagon’s system and find any flaws that lie within.
The program can already be deemed a success even though it only reached its halfway point this past week. Background checks have already been conducted on 500 prospective researchers as they plan ways to start the search for security flaws in the system. HackerOne, the company responsible for the program, released details of the numbers for the ‘Hack the Pentagon’ project. The project, which was announced back in March, is one of the first federal government programs to use private-sector methods to crowdsource a search for security flaws in its system.
The program, which carries a bounty of $150,000, started in the past two weeks and is set to continue for two more. The two parties involved, the Pentagon and HackerOne, have not provided any details on how the program has gone so far, but Alex Rice, chief technology officer and co-founder of the vulnerability program management service HackerOne, said that if none of the researchers working on the program found a significant vulnerability, it would be an extreme statistical outlier.
In other words, he said that since various companies began launching bug bounty programs, he had not seen a case where no bugs were found in the system. Everyone who starts these programs expects to see something.
The program might be the first started and sponsored by the federal government, but signs suggest it will not be the only one for long. With the rise in attacks on online security, other companies and government agencies might just jump on the bandwagon. Casey Ellis, CEO and founder of BugCrowd, said that in most cases attackers only had to find one fault in the system, whereas defenders had to hire numerous security workers to keep the system clean. He mentioned that the government was in a tight position because it could not hire security workers fast enough while at the same time it was still being hacked.
HackerOne’s Rice, however, mentioned that the government would get better results because it had researchers numbering in the hundreds working on the project. Having the best security teams working on it from every angle gives the government something to work with, said Rice.
At the time of the announcement, US Defense Secretary Ash Carter said the program was a way the government was approaching hacking in order to blunt the attacks. In a statement at the time, he noted that the idea was a result of how he challenges his people to think outside the five-sided box called the Pentagon.
The bug bounty program, which is being hosted in partnership with the hacker provider company HackerOne, began on April 18 and is slated to end by May 12. According to the Defense Department, the company will pay the winners of the program no later than June 10, with a $150,000 bounty earmarked by the Department for the program.
The Department of Defense has called the initiative one of its plans for pushing forward the administration’s Cyber National Action Plan. The plan is meant for the government to prioritize immediate actions that can help boost and bolster the country’s network defenses.