In March, the Defense Department announced the “Hack the Pentagon” program, the first-ever bug bounty program for the federal government. The announcement led to a widespread debate about the possible sort of bugs that the hackers would uncover.
The Defense Secretary Ash Carter has now announced the findings of the program. More than 1400 hackers took part in “Hack the Pentagon” program. Out of these participants, more than 250 hackers submitted their reports, listing at least 1189 bugs. The experts then filtered these vulnerability reports to ascertain the legitimacy of the bug.
“ [More than 138 bugs were found to be] legitimate, unique and eligible for a bounty.”
The maximum prize awarded to an individual amounted to $15000. This was a part of the pilot program that ran from the April 18 to May 12. The entire program accumulated a cost of around $150,000. Carter justified the cost stating that:
“It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,”
The DoD site stated that:
‘ “Hack the Pentagon” was aimed towards finding out the vulnerabilities in the five US Defense departments’ websites, defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil for security bugs.’
The government worked in collaboration with HackerOne, a bug bounty platform, to fix the security bugs. Carter emphasized the importance of strong military-citizenry relationships:
“Build stronger bridges to innovative citizens who want to make a difference to our defense mission.”
The defense department wants to create a network of researchers that will regularly check for the bugs in the government sites.
“When it comes to information and technology, the defense establishment usually relies on closed systems. But the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters.”
This effort of the federal government promises a good experience for the internet security enthusiasts who want to try their hand at hacking the government sites. Check out the video below to find out more:
