Eric Fanning, Secretary of the Army, announced plans to set up a bug bounty. The US Army, according to the press release, partnered up with HackerOne to have eligible hackers find exploits in the Army’s cybersecurity systems.
HackerOne is a “vulnerability coordination and bug bounty platform” that previously partnered with the Department of Defense for the widely successful “Hack the Pentagon.” According to HackerOne, “Hack the Pentagon” participants revealed 138 vulnerabilities in 24 days.
The US Army’s program will be similar in structure.
Following the initial hacking run, the Department of Defense will begin to expand these programs to other essential departments. The US Army is the first of these “bold” challenges, a HackerOne spokesperson said in a press release. So far, HackerOne has worked successfully with the following companies: Uber, Twitter, New Relic, General Motors, GitHub, CloudFlare, Kaspersky Labs, Panasonic Avionics, Snapchat and Zenefits, as well as the Department of Defense.
The Secretary of Defense, Ash Carter, has been instrumental in promoting this level of interaction with the private sector.
Carter spoke about the usefulness of the “Hack the Pentagon” program:
By allowing outside researchers to find holes and vulnerabilities on several sites and subdomains, we freed up our own cyber specialists to