DOD expands bug bounty program to public networks, systems

virus bug in program code By Royalty-free stock illustration ID: 85711637 

White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems.

The vulnerability disclosure program, which was started from the Defense Digital Service's 2016 Hack the Pentagon initiative, was initially restricted to public-facing websites and applications.

Now, the program will now include networks, frequency-based communication, industrial control systems, internet of things devices among other systems available to the public, DOD announced.

The Defense Department has been steadily expanding its capabilities to sniff out cyber vulnerabilities that could be plaguing its systems across the services, and when it comes to testing experimental hardware.

Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program, said in a statement that "DOD websites were only the beginning as they account for a fraction of our overall attack surface."

The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has found more than 29,000 vulnerabilities since its launch, according to a recent report.

So far, it has garnered more than 350 vulnerability reports in the first two weeks of launch.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected