Security News > 2022 > July > Pentagon: We'll pay you if you can find a way to hack us
The US Department of Defense has created a broad but short bug bounty program for vulnerabilities in public-facing systems and applications.
The Hack US program kicked off on Independence Day and is scheduled to run though July 11, with reward totals reflected by the severity of the flaws.
In April, Microsoft upped the reward amounts in its bug bounty program by as much as 30 percent for ethical hackers who find "High-impact" bugs in its Office 365 products, while Meta in December 2021 widened its program to include scraping attacks on Facebook.
"Bug bounty programs are quite successful for both organizations and security researchers," Ray Kelly, Fellow at integrated software vendor Synopsys Software Integrity Group, tells The Register.
The DoD's pilot program that ended in April - the Defense Industrial Base-Vulnerability Disclosure Program - launched with 14 voluntary participating companies and 141 assets under the microscope, but interest in the program convinced the agency to expand it to include 41 companies and 348 assets.
Bugcrowd founder and CTO Casey Ellis tells us that DC3 made a smart move to upgrade its vulnerability disclosure program to include a paid bug bounty program.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/05/dod-hackus-bug-bounty/
Related news
- China-Linked Cyber Threat Group Hacks US Treasury Department (source)
- CISA says recent government hack limited to US Treasury (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)