The Department of Defense is turning hackers loose on its networks yet again. The fifth iteration of the “Hack the Pentagon” bug bounty program, which launched April 1 and closes April 29, will focus on identifying flaws in the public-facing websites of the Defense Travel System, an enterprise system DoD employees use to book travel across the globe.
“The DoD has seen tremendous success to date working with hackers to secure our vital systems, and we’re looking forward to taking a page from their playbook,” said Jack Messer, project lead at Defense Manpower Data Center.
“We’re excited to be working with the global ethical hacker community, and the diverse perspectives they bring to the table, to continue to secure our critical systems.”
The newest iteration — which is continuing to work with HackerOne, an organization that helps companies run bug bounties — will allow participants that are U.S. citizens; are eligible to work in the United Kingdom, Canada, Australia or New Zealand; are active military members; and/or are contractors.
However, military and contractors will not be eligible for the hundreds of thousands of dollars in cash rewards.
“Millions of government employees and contractors use and rely upon key enterprise systems every day,” said Reina Staley, chief of staff at Defense Digital Service.
“Any compromise of the system or the sensitive information it handles would be detrimental to our people and our mission. These bug bounty challenges are a way to give talent outside the public sector a channel to safely disclose security issues and get rewarded for these acts of patriotism.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.