Pentagon Invites Ethical Hackers to Spot Network Vulnerabilities

The Department of Defense and HackerOne have invited white hat hackers to join the Hack U.S. program, which is designed to help secure the agency’s networks.

According to HackerOne, the bug bounty program started on Monday and will end on July 11. Participants will be tasked with finding high and critical vulnerabilities. They will look for such gaps in the DOD’s publicly accessible information systems, web property and data.

Hack U.S. is offering up to $110,000 in prizes. Hackers will receive $1,000 per flaw that they spot and report and $500 for any high-severity weakness they find.

Participants also have the opportunity to win up to $5,000 as a grand prize.

The program is run under the Pentagon’s Vulnerability Disclosure Program, The Record reported Tuesday.

The DOD has been using white hat hackers to improve its network security. In 2021, the department expanded the VDP to allow ethical hackers to target its publicly accessible information systems, such as industrial control systems and internet-of-things offerings.

In 2020, the Defense Advanced Research Projects Agency launched the Finding Exploits to Thwart Tampering bug bounty program, which was a wargame-style event that focused on electronic systems security.

Bug bounty programs were also used to find fixes to more recent vulnerabilities, such as Log4j, which potentially affected thousands of public-facing military websites.