In a post on Facebook, US secretary of defence Ash Carter announced that the intention is to offer a bug bounty modelled on those already offered by Microsoft, Google and others in order to improve the security and delivery of networks, products and digital services. As yet no details have been provided about monetary and other rewards of the scheme.
For the pilot program that will launch in April:
"... the DoD will invite vetted hackers to hack the Pentagon in an effort to test our digital security in the first federal government bug bounty. Under the pilot programme, we will allow qualified participants to identify vulnerabilities on the department's public web pages."
This is unlikely to be the DoD's first initiative involving white hat hacking. Back in 2012 we noted on I Programmer that the US Department of Defense hired 250 hackers per year to combat cyber threats. However, that was before the launch of the Defense Digital Service (DDS), which includes a small team of engineers and data experts meant to improve the department’s technological agility and which will lead the Hack the Pentagon initiative.
According to Ash Carter:
Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program. Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined asset. This bug bounty will not compromise any of the department’s critical, mission-facing systems. Instead, it will challenge our digital security in new and innovative ways.
His Facebook post concludes:
I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security. I encourage all who meet the requirements to participate in this historic opportunity to see if you can “hack the pentagon.”