Hack the Pentagon program
The US Department of Defense has started accepting applications for its “Hack the Pentagon” commercial bug bounty program.
According to an announcement released by the Defense Department, the goal of the Hack the Pentagon program is to identify and resolve security vulnerabilities in the department’s websites through crowdsourcing.
To qualify for participation in the Hack the Pentagon program, hackers are required to satisfy the conditions listed below:
#1: They must successfully complete the participant registration form made available on the website of HackerOne.
#2: They must have the authorization to work in the United States of America.
This means that hackers must have an employee identification number or a U.S. taxpayer identification number and a Social Security number.
They must also be able to complete all of the required verification forms.
That is, hackers must be U.S. citizens, noncitizen U.S. nationals, permanent residents or otherwise authorized to work within the country.
#3: Their names should not appear on the Treasury Department’s Specially Designated Nationals list (of both people and organizations involved in drug trafficking and terrorism).
#4: Finally, hackers participating in the bug bounty program should not be residing in countries that are subject to trade sanctions by the US.
Further, the announcement by the Department of Defense noted that a hacker who submits a valid bug report will be subjected to criminal background checks to make sure that taxpayers’ money is being spent wisely.
The Hack the Pentagon program, which will run for about a month from 18 April 2016 to 12 May 2016, is being offered by the Department of Defense in coordination with HackerOne, a bug bounty platform and vulnerability disclosure company that was launched in 2012.
The platform serves corporations including, but not limited to, Adobe, Twitter and Airbnb. Currently, HackerOne is also in charge of the new bug bounty program announced by Uber.
However, the Department of Defense has not made clear how much it will pay per bug.
The bounties are likely to be paid from the $150,000 budget allocated for the program.
Further, exact payment for each bug will be based on several factors.
As a strategy to prevent attacks and strengthen security, bug bounty programs are becoming increasingly popular.
In bug bounty programs, hackers (software developers, engineers and coders, among others) are allowed to participate and root out bugs in general, and security bugs specifically.
Almost all tech giants offer bounty programs these days.
Facebook even handed out special “white hat” debit cards to hackers who were successful in hunting down and reporting vulnerabilities.
“Critical, mission-facing computer systems will not be involved in the program.”
In the Defense Department’s announcement, Peter Cook, Pentagon Press Secretary, said that the program will cover a number of public websites of the department and these sites will be revealed to the participating hackers as the starting date of Hack the Pentagon program approaches.
However, he noted that critical and mission-facing computer systems will be outside the purview of the Hack the Pentagon program.
When the program Hack the Pentagon was announced early last month, Ash Carter, Secretary of Defense, had said that he always encouraged and challenged people in the department to think outside the five-sided box, the Pentagon.
According to him, inviting responsible hackers to test the Pentagon’s cybersecurity certainly amounted to taking up the challenge.
He had also said that he is confident that the innovative initiative would strengthen the digital defenses of the Pentagon and also enhance national security.
Security Breaches and Hack Attacks
The announcement of the Hack the Pentagon program is a welcome initiative on the part of the Department of Defense in view of the security breaches and hacks that have been reported in the recent past.
OPM hack – the Office of Personnel Management revealed in July 2014 that personal data of over 20 million current as well as former government workers, including that of employees from the Department of Homeland Security, were stolen in a massive security breach and hack.
In June 2015, a year later, stolen government login information was found all over the internet, exposing 47 agencies across 89 domains.