The Department of Defense is inviting hackers to look for vulnerabilities in its network, analyze the security of its public-facing webpages, and attempt to break into its systems. The program, "Hack the Pentagon," is the federal government’s first bug bounty program and will be modeled after those of private companies. The program details are still being worked out, but monetary rewards are a possibility. The DoD will clarify in the coming weeks.
Not just anyone can hack into the network and call it research, however. Participants will have to register and submit to a background check before looking for bugs. Once they’re vetted, researchers will be given a predetermined department system and a set amount of time to access it. The program will launch in April and is part of the government’s massive cybersecurity plan announced last month.
Bug bounty programs grew in popularity over the past few years as companies not only launched their own private programs but also outsourced the effort to "hackers for hire" groups, like HackerOne. Letting public researchers investigate networks gives companies an opportunity to test their security in the real world. Facebook, Twitter, Yahoo, Microsoft, United Airlines, Tesla, and multiple other big names have collectively doled out hundreds of thousands of dollars' worth of rewards for their programs.