Pentagon picks HackerOne as bug bounty partner



Vulnerability coordination provider HackerOne will work with the Department of Defense to run the first-ever federal government bug bounty, where hackers across the country will test the limits of the Pentagon’s cybersecurity.

The DoD announced Thursday that it awarded HackerOne the contract for the “Hack the Pentagon” program, which will begin April 18 and end May 12. Modeled after the programs run by large tech companies, the contest is the brainchild of the Defense Digital Service and is supported by Defense Secretary Ash Carter.

“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” Carter said in a statement. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.” 

Under the contract, HackerOne will enhance the department’s cybersecurity by inviting qualifying hackers to participate in the 20-day pilot. Though individual bounty payments are not pre-determined, they will come from the program’s $150,000 funding. In the past, the company worked with Facebook, Microsoft and other companies to help them run bug bounties.

“Collaboration and transparency with external finders has become essential to securing connected software on the Internet,” HackerOne CEO Mårten Mickos said in a statement. “Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most powerful organizations, but also signals deeply promising progress for all of software security.”

Registration for the bounty is open. Participants will need to go through a background check.

Follow the reporter on this story on Twitter @JeremyM_Snow.
