Pentagon hires firms to create new bug bounty programs


The Department of Defense took a giant step toward making good on its promise earlier this summer to revive and expand a successful cybersecurity program.  

The program, called a bug bounty program, pays rewards to hackers who report security vulnerabilities to give Defense the chance to fix soft spots before malicious hackers can break in. The Pentagon ran a successful one-month pilot program between April and May. 


On Thursday, the DOD announced it gave yearlong contracts to HackerOne and Synack, a pair of firms specializing in bug bounty programs, to create a broader, more long-lasting program.  

HackerOne ran the original Pentagon bug bounty program, known as Hack the Pentagon, which was limited to five public-facing websites and lasted less than a month. Nonetheless, it turned up more than 130 vulnerabilities. After Hack the Pentagon, Defense Secretary Ash Carter announced the DOD would bring the program back.

The new programs will be designed so that a broader range of service and contractor groups can voluntarily opt in.

Bug bounties are an increasingly important part of the security landscape and are in place at companies ranging from Google and Tesla to United Airlines and Roche.