The U.S. Army is Launching Its First Bug Bounty Program

Source:  http://www.securityweek.com/us-army-launch-first-bug-bounty-program, https://threatpost.com/army-bug-bounty-building-new-relationships-with-hackers/121924/ (SecurityWeek, Threatpost)

Veterans day August 11, the U.S. Army became the second critical agency to announce a bug bounty reward program it will be offering. After the success of of the Hack the Pentagon program that was launched earlier this year, it was a perfect way to get white hat hackers involved in protecting national security.

The Army is reaching out to a group of technologies and researches who are trained to break into computer networks they’re not supposed to, though this initiative will be through invite-only type of program unless you’re military or government personnel. The specifics of the program have not yet been released but it’s planned to used on Army recruiting websites and databases where personal information of both existing employees and new applicants are stored. The Hack the Pentagon challenge took place in April and May and was led by Defense Digital Service which allowed anyone to register. Over 1,400 hackers signed up and program and more than 250 submitted at least one vulnerability. 138 of these submissions were later seen as valid and were eligible for a bounty, the program paid out $150,000 to researchers. Though according to the DoD it would have cost at least $1 million to hire an outside contractor to perform the same type of vulnerability testing.