In a recent announcement, the U.S. Department of Defense’s Defense Digital Service (DDS) revealed the expansion of the Hack the Pentagon crowdsourced security program, forging a new partnership with HackerOne. As one of three vendors selected to receive a contract under the program’s expansion, HackerOne will now be tasked with conducting private assessments against sensitive, internal systems in addition to its existing contract for public-facing assets. This development marks a significant step forward in the DoD’s ongoing efforts to drive innovation in security.
The Hack the Pentagon initiative, first launched in 2016, was a pioneering effort among federal bug bounty programs, with HackerOne playing a pivotal role in its inception. Over the past two years, more than 5,000 valid vulnerabilities have been reported in government systems through HackerOne, with 2,000 of those reported in the last year alone. This steady stream of vulnerability reports underscores the importance of ongoing collaboration between ethical hackers and government entities in safeguarding critical services and data.
Since its inception, the Hack the Pentagon program has made significant strides in terms of reach and impact. What initially began as a bug bounty challenge restricted to U.S. citizens rapidly gained momentum, with over 130 valid bugs resolved in the Pentagon’s systems within the first month. Subsequent collaborations with the Army, Air Force, Defense Travel System, and most recently, the Marine Corps, have further expanded the scope and impact of the program. In addition, the DoD’s ongoing vulnerability disclosure program has provided an open channel for individuals worldwide to report security vulnerabilities, fostering a culture of transparency and collaboration.
The collaborative efforts between HackerOne and various branches of the military have yielded impressive results, with over $500,000 paid out to ethical hackers for their contributions in safeguarding government assets. Programs such as Hack the Army, Hack the Air Force, Hack the Defense Travel System, and more have surfaced hundreds of valid vulnerabilities in critical systems, with monetary rewards provided to incentivize ethical hacking efforts. The success of these initiatives underscores the value of crowdsourced cybersecurity solutions in bolstering the resilience of government infrastructure against cyber threats.
Live hacking events organized in partnership with HackerOne have further underscored the commitment of the federal government to fostering collaboration with ethical hackers. Hackers participating in events such as Hack the Air Force 2.0 and Hack the Marine Corps have simulated live attacks on government assets, providing valuable insights into potential vulnerabilities. The media coverage of these events, such as the Hack the Marine Corps live hacking kickoff featured on NBC Nightly News, has helped raise awareness about the critical role of ethical hackers in protecting government assets.
Looking ahead, the momentum surrounding government-led bug bounty programs shows no signs of slowing down. With the support of a growing community of ethical hackers, organizations like HackerOne are well-positioned to drive innovation and enhance cybersecurity practices across various industries. As the number of hackers in the community continues to grow, reaching over 250,000 and on track to exceed a million, the future looks bright for collaborative efforts to mitigate the risks of cyber breaches.
In conclusion, the ongoing collaboration between the U.S. Department of Defense, HackerOne, and the global hacker community highlights the transformative potential of crowdsourced cybersecurity solutions. By harnessing the expertise and creativity of ethical hackers, government entities and organizations alike can fortify their defenses against evolving cyber threats, laying the groundwork for a more secure digital landscape.