U.S. Announces ‘Hack The Pentagon’ Bug Bounty Program by Bill Chappel.
From the post:
Announcing what it calls “the first cyber bug bounty program in the history of the federal government,” the Department of Defense says it’s inviting hackers to test the security of its Web pages and networks.
The contest is only for “vetted hackers,” the DoD says, which means that anyone hoping to find vulnerabilities in its systems will first need to pass a background check. Participants could win money and recognition for their work, the agency says.
The pilot program is slated to begin in April. And if you’re wondering whether the hackers might disrupt a critical piece of the Department of Defense’s infrastructure, the agency says that hackers will target a predetermined system that’s not part of its critical operations.
According to a list published by the Defense Department, it currently manages 488 websites, which are devoted to everything from the 111th Attack Wing and other military units to the Yellow Ribbon Reintegration Program.
The “Hack the Pentagon” initiative is the work of the Defense Digital Service, a DoD unit that was launched last fall as part of the White House’s U.S. Digital Service.
…
A sad story. A Pentagon bug bounty program, even if limited to only parts of the DoD’s infrastructure, could pull cyber talent from around the world.
End result: Better security for the Pentagon and bug reports on commonly used elements of web infrastructure.
However, the Pentagon wants only “vetted hackers.”
A pool of non-threatening or at least docile talent that is willing to find but also conceal vulnerabilities.
The bug bounty program is a great idea, “vetted hackers” is the perfect way to diminish its value. To the Pentagon and the general public.
What this program needs is an anonymous rewards program like Crime Stoppers.
That would attract the best talent which in turn increases the security of Pentagon systems.
Or, is that the point of this program?
Won’t know that until the list of “vetted hackers” is published. Anyone at Lloyd’s giving odds on the same names appearing on current DoD contracts?