Hack the Army - and Get Paid for It
The U.S Army is the next branch of the Department of Defence to embrace the bug bounty bounty model in an effort to improve security.
The U.S. Army wants you - to hack its systems. That's right. The U.S. Army is now inviting hackers to take direct aim at its software, as part of a new bug bounty program that is set to launch later this year.
This isn't the first time a branch of the U.S. armed forces has invited security researchers to hack it. Back in March, the Hack the Pentagon effort got underway, which was the initial attempt at enabling a bug bounty program. Hack the Pentagon was run on the HackerOne bug bounty platform and demonstrated the value of working with external researchers to the Department of Defense.
"Hack the Pentagon demonstrated the success of bug bounty challenges for U.S. government assets with 138 vulnerabilities resolved during the 24 day pilot," a HackerOne spokesperson told eSecurityPlanet. "Hack the Army will take this pilot a step further as the first bug bounty challenge for the Department of the Army."
The goal of the Hack the Pentagon program is to supplement the work the dedicated soldiers and contractors do daily to keep the U.S. Army's information and networks safe. Full specifics on the Hack the Army program are set to be publicly disclosed in the coming weeks.
Hackers will be able to participate exclusively on the HackerOne platform and Hack the Army challenge specifics will be available in the coming weeks.
The Hack the Army effort is part of a Department of Defense Digital Services engagement that HackerOne first announced on October 23.
"Hack the Army is the first of many bug bounty security initiatives driven by DoD's Defense Digital Services in partnership with HackerOne," the spokesperson said. "This bold initiative is part of a three year contract to bring bug bounty programs to other departments to enhance cybersecurity with the help of the hacker community."
Secretary of the Army Eric Fanning held a press conference on November 11 to announce the Hack the Army effort.
"We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," Fanning said. "We're looking for new ways of doing business."
While the U.S Army has plenty of its own resources, Fanning sees engaging with the broader security researcher community as being a force multiplier.
"Our country is home to some of the best researchers in the world and Hack the Army will give rise to an invisible force to help protect our nation's most valuable assets," Fanning said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist