
Pentagon: We'll pay you if you can find a way to hack us
2022-07-05 20:06

The US Department of Defense has created a broad but short bug bounty program for vulnerabilities in public-facing systems and applications.

The Hack US program kicked off on Independence Day and is scheduled to run through July 11, with reward totals determined by the severity of the flaws.

In April, Microsoft upped the reward amounts in its bug bounty program by as much as 30 percent for ethical hackers who find "High-impact" bugs in its Office 365 products, while Meta in December 2021 widened its program to include scraping attacks on Facebook.

"Bug bounty programs are quite successful for both organizations and security researchers," Ray Kelly, Fellow at integrated software vendor Synopsys Software Integrity Group, tells The Register.

The DoD's pilot program that ended in April - the Defense Industrial Base-Vulnerability Disclosure Program - launched with 14 voluntarily participating companies and 141 assets under the microscope, but interest in the program convinced the agency to expand it to include 41 companies and 348 assets.

Bugcrowd founder and CTO Casey Ellis tells us that DC3 made a smart move to upgrade its vulnerability disclosure program to include a paid bug bounty program.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/05/dod-hackus-bug-bounty/