US DoD puts up $150,000 for first government bug bounty

The US Department of Defense has opened the doors for hackers to register with its pilot bug bounty, dubbed "Hack the Pentagon".

The DoD announced the pilot at the beginning of March but didn’t reveal specifics of the program, including whether hackers could expect payment for finding and reporting bugs in DoD systems.

The department said today it will partner with the third-party bounty platform HackerOne, which recently added Uber to its list of bounties.

The company’s vulnerability coordination system is free for customers, but it charges a 20 percent fee to use its payment processing systems to send awards to participants.

DoD is not the first non-tech organisation to run a bounty, but it is the first US federal government organisation to test the model and is also probably the world’s largest end-user IT organisation.

DoD hasn’t spelled out how much it will pay for different types of bugs that researchers may discover, but it has allocated $150,000 in funding for the program, which isn’t a small sum given the pilot runs for less than one month.

"This initiative will put the department's cybersecurity to the test in an innovative but responsible way," said Defense secretary Ash Carter. "I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot."

The program is only open to US citizens, permanent residents, and any non-US citizens with a permit to work in the country. Hackers who want to participate will also need to apply. US Defense employees are not allowed to participate; however, US government contractors are, and they will be eligible for awards if they find bugs.

The pilot will start on Monday, April 18 and conclude on Thursday, May 12.

Stories by Liam Tung
