Military Launches New Bug Bounty Program: Hack the Army


A soldier, assigned to the 780th Military Intelligence Brigade on Fort Meade, Md., sets up low level voice intercept equipment during a cyber integration exercise on Joint Base Lewis-McChord, Wash.

Army Secretary Eric Fanning announced the military’s newest bug bounty program inviting white hat hackers to “Hack the Army” and get paid for it by the Defense Department.

The bug bounty program will kick off this month, Fanning announced from the Pentagon’s Defense Innovation Unit Experimental (DIUx) office in Austin, Texas. The Hack the Army program follows the success of the Hack the Pentagon program executed by the Defense Digital Service last year.

These bug bounty programs are common in corporate America. Companies pay cash to hackers who find vulnerabilities in recently launched software. In fact, running these bounty programs is big business in places like Silicon Valley.

However, the Defense Department only started running these types of programs this year in an effort to find holes in the software code protecting defense data. Adopting these types of programs, common in commercial technology companies, was the inspiration for the Pentagon’s innovation initiative led by Defense Secretary Ash Carter.

“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense. We’re looking for new ways of doing business,” said Fanning at the Austin press conference at Capital Factory.

The Army is inviting hackers to find vulnerabilities in the service’s recruiting digital infrastructure. This bug bounty is invite-only outside of military and government personnel. This program will seek help to protect the personal information of new Army recruits and current soldiers.

The bug bounty program will be run by the security consulting firm HackerOne, which also ran the Hack the Pentagon program. HackerOne operated these bug bounty programs for commercial companies before receiving a Pentagon contract.

Fanning said he hoped the bug bounty programs would continue to spread across the services after military leaders saw such success with the Hack the Pentagon program. Carter said recently that the military saved millions of dollars by paying white-hat hackers to identify vulnerabilities versus the traditional approaches the military had previously taken.

Fanning also cited the Hack the Army program as a great opportunity to collaborate with new people and companies who never would have thought to work with a military service.

We’ll post the link to the program once Hack the Army goes live. You can also follow HackerOne’s site for more information.
