Pentagon expands bug bounty program to all publicly accessible systems

By Justin Doubleday / May 5, 2021 at 4:16 PM

The Defense Department is expanding its "bug bounty" program to all its publicly accessible information systems, allowing authorized hackers to investigate and report cyber vulnerabilities in industrial control systems, Internet of Things devices, and other networks.

The development marks a major expansion in the scope of DOD's vulnerability disclosure program. The original program started with a "Hack the Pentagon" program in 2016 that allowed security researchers to probe public-facing DOD networks without fear of reprisal.

In a little less than five years, researchers have submitted more than 29,000 vulnerability reports, and more than 70% were determined to be valid, according to DOD.

The updated policy allows research and reporting of disclosures in all "publicly accessible networks, frequency-based communication, Internet of Things, industrial control systems, and more," according to Brett Goldstein, director of the Defense Digital Service.

"This expansion is a testament to transforming the government's approach to security and leapfrogging the current state of technology within DOD," Goldstein said as part of DOD's May 4 announcement.

The disclosure program is overseen by DOD's Cyber Crime Center. Last year, the center also announced plans to launch a pilot program allowing security researchers to investigate the networks of willing defense contractors.