"Pentagon Looking for a Few Good Hackers"

The US Department of Defense (DoD) unveiled an experimental bug bounty program on July 4th, offering cash prizes to white hat hackers. Since 2016, the Pentagon has experimented with accepting vulnerability reports from security researchers. Most recently, the Pentagon gave researchers credit for closing more than 6,000 vulnerabilities on military IT systems that were accessible via the Internet in 2021 alone. The military has previously offered to compensate researchers for exploits, but this latest pilot program, launched with vulnerability disclosure partner HackerOne, marks the first time the military has considered providing ongoing prizes. The pilot program has a $110,000 cash pool, with $75,000 set aside for first-submitted, first-awarded high- and critical-severity findings and $35,000 set aside for awards like the best finding on the army.mil domain. Its announcement comes shortly after HackerOne completed a year-long test of bug bounties created with a few dozen volunteer companies from the defense industrial base. According to Alex Rice, co-founder and chief technology officer of HackerOne, hackers are uniquely well-equipped to find vulnerabilities that other automated scanning and Artificial Intelligence (AI) tools fail to detect, and the DoD has long recognized the benefits of working with hackers. Over the last decade, bug bounties have become more popular, mainly as major technology companies such as Google, Facebook, and Microsoft have established programs to accept unsolicited reports from outside researchers. This article continues to discuss the newest experimental bug bounty program launched by DoD. 

GovInfoSecurity reports: "Pentagon Looking for a Few Good Hackers"
