US DoD awards contracts to expand ‘Hack the Pentagon’ project

26 October 2018 (Last Updated May 1st, 2019 10:12)

The US Department of Defense (DoD) has awarded contracts to expand its ‘Hack the Pentagon’ crowdsourced security programme.

Hack the Pentagon bug bounties help identify and resolve security threats across targeted DoD assets. Credit: Mike Corbett https://bitsfrombytes.com/

The contracts have been awarded to three private-sector companies in a bid to enhance the DoD’s ability to strengthen security for internal assets.

Headed by the Defense Digital Service (DDS), Hack the Pentagon bug bounties are tasked with identifying and resolving security threats across targeted DoD websites and assets. They also promote the discovery and detection of bugs by paying cash to security researchers or ‘ethical hackers’.

The defence department will continue to develop bug bounties for public-facing websites and pursue other crowdsourced security tactics.

DDS is a DoD team that works in collaboration with other components of the department and external government agencies in order to advise on bug bounties, crowdsourced security, vulnerability disclosure policies, and private sector best practices and approaches.

Defense Digital Service director Chris Lynch said: “Finding innovative ways to identify vulnerabilities and strengthen security has never been more important.

“When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative.

“Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the programme continue to grow and deliver value across the department.”

The initiative was launched by the US DoD in 2016 as the government’s first bug bounty programme.

Later, the department launched its Vulnerability Disclosure Policy as part of the crowdsourced security initiative.

Since its launch, the Hack the Pentagon programme has enabled the defence department to identify and remedy a wide range of security vulnerabilities.