Written byChris Bing
Following the successful implementation of a similar program aimed across the Department of Defense earlier this year, the U.S. Army announced plans to launch its own bug bounty program Friday.
“There is a large number of technologists and innovators who want to make a contribution to our nation’s security but lack an avenue to do so. These initiatives known as bug bounties offer a means for innovative citizens, patriots to contribute to the mission,” said Secretary of the Army Eric Fanning, “even as we speak, this very moment, there are black hats that are trying to challenge our networks.”
San Francisco, Calif.-based HackerOne will once again help lead a collaborative security exercise where freelance hackers will be paid to find software flaws in a segmented portion of the U.S. Army’s IT infrastructure.
The exact hacking targets for the U.S. Army bug bounty program were not disclosed by Fanning on Friday and a HackerOne spokesperson also declined to comment, noting that further details will be made public later this month.
In late October, HackerOne, along with fellow bug hunting company Synack, signed a $7 million contract with the U.S. government through the Defense Digital Services office to conduct upwards of 14 bug bounty programs in total. It appears the U.S. Army program is among the first to be announced.
“Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the Army’s talented cybersecurity personnel are doing already,” HackerOne said in a statement.
With the Hack the Army event, Fanning said that he hopes to take the Pentagon’s example one step further by expanding the scope of what these white hat hackers will test. Later this month, HackerOne plans to open the program up to applicants.
“As adversaries become more sophisticated and the threat environment continues to evolve, maintaining the highest levels of security has never been more important,” Mark Wright, a spokesman at the Office of the Secretary of Defense, previously said. “By partnering with these leading crowdsourced security companies, we can take a much more innovative, diverse, scalable and effective approach to better protect and defend our digital assets.