The bug bounty program that the Defence Department initiated back in March now has a price. The Defence Department said that it was partnering HackerOne, a San Francisco-based company for the upcoming bug bounty challenge, “hack the Pentagon.” The challenge has started, and interested parties now start signing on the initiative’s website.
The Defence Department put up a bounty of $150,000, which is a sizeable amount compared to other bug bounty programs. The money is up for grabs if you manage to locate security holes in the department’s software servers. The size of each payment would, however, depend “on some factors”.
The bug’s bounty program which was announced last month challenged outside third parties to come and try and find bugs and security vulnerabilities in Pentagon systems. In a released statement, the Department of Defence mentioned that the several weeks long program was going to be led by HackerOne. HackerOne is a security reporting platform used by almost everyone ranging from Facebook to IBM. It is also venture backed.
The Defence Secretary, Ash Carter Said in a statement that, “This initiative will put the department’s cybersecurity to the test in an innovative but responsible way. I encourage hackers who want to bolster our digital defences to join the competition and take their best shot.” According to the department, the idea was to bring in people who were outsiders who would try and break the Pentagon system.
The bug bounty program is mainly known to be done by tech companies that want to keep their systems and servers safe. Companies often hire other cyber security companies to try and hack into the corporations system and physical locations, otherwise known as penetration testing. The idea is that the Department of Defence is implementing it, however.
The firm partnering with the Pentagon, HackerOne’s CEO, Marten Mickos said in a statement, “Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most influential organizations but also signals deeply promising progress for all of the software security.” The Pentagon seems to be starting small to (or “intending to”) going big later. They are also emphasizing that no, “critical, mission facing computer systems” will be involved in the program. Only a few of the department’s public websites will be made available and put to the test by the hackers who decide to sign up. All prospective hackers have to go a comprehensive background check first before they can be hired for the program.
The “Hack the Pentagon” program is scheduled to start on April 18 and run until May 12.