The Department of Defense took a giant step toward making good on its promise earlier this summer to revive and expand a successful cybersecurity program.
The program, called a bug bounty program, pays rewards to hackers who report security vulnerabilities to give Defense the chance to fix soft spots before malicious hackers can break in. The Pentagon ran a successful one-month pilot program between April and May.
On Thursday, the DOD announced it gave yearlong contracts to HackerOne and Synack, a pair of firms specializing in bug bounty programs, to create a broader, more long-lasting program.
HackerOne ran the original Pentagon bug bounty program, known as Hack the Pentagon, which was limited to five public-facing websites and lasted less than a month. Nonetheless, it turned up more than 130 vulnerabilities. After Hack the Pentagon, Defense Secretary Ash Carter announced the DOD would bring the program back.
The new programs will be designed so that a broader range of service and contractor groups can voluntarily adopt them.
Bug bounties are an increasingly important part of the security landscape and are in place at companies ranging from Google and Tesla to United Airlines and Roche.