Army announces bug bounty program

That old Army slogan, "We Want You!" is taking on a new form. Now, the Army is saying, "We Want You -- to Hack Us!"

A few months after the Pentagon wrapped up its first bug bounty program, the Army, in coordination with the Defense Digital Service, is following suit with a newly announced "Hack the Army" program.

"What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security but lack an avenue to do so," said Army Secretary Eric Fanning when announcing the new initiative in Austin, Texas, on Nov. 11.

Fanning said that these bug bounty programs give white hat hackers the opportunity to help make the digital systems of the DOD, and now the Army, more secure.

The Army will reveal the sites available to be hacked by participants in the coming weeks. Fanning said to expect the challenge to involve public-facing recruiting sites that contain dynamic data, rather than the static data sites that were hacked in the DOD bounty program.

"This is dynamic content, this is where we're gathering personal information from people who want to join the Army and people who are in the Army, and we want to make sure that that information is secure," said Fanning.

"These assets have deep ties to the Army's core operations, [and] as Secretary of the Army, the security of these foundational systems is incredibly important to me," Fanning added.

"There are people all over the world that are trying to get access to our sites, our data, our information, and we have a very well trained, incredibly capable team in the military, in the Department of Defense, but it's not enough," said Fanning. "The more different sets of eyes, more different teams…that we can bring to this problem, the more secure we're going to feel about our information."

Another change from the DOD bounty program is that Hack the Army will be open to members of the military -- active and reserve components -- as well as government civilians. The DOD program was open only to private civilians who passed through a security clearance.

Like its DOD predecessor, the Army bounty is being administered in partnership with HackerOne. The Hack the Pentagon competition attracted some 1,400 participants who generated more than 1,000 vulnerability reports -- 138 were resolved and the hackers received tens of thousands of dollars of prize money in return.

Fanning said that the Army bug bounty is part of the broader effort to make it easier for private industry to do business with the Pentagon.

"We recognize that we can't continue to do business the way that we are and that we're not agile enough to keep up with a number of things in the tech world," said Fanning.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

