Carter concludes 'Hack the Pentagon'

By Tony Bertuca / June 17, 2016 at 1:55 PM

Defense Secretary Ash Carter today praised the work of hundreds of "white-hat" hackers who participated in a pilot program to "hack the Pentagon" in search of cyber vulnerabilities.

More than 1,400 friendly hackers were declared eligible to participate in the "bug bounty" program, while 250 found and submitted at least one cyber vulnerability, Carter said. In total, the pilot discovered and reported 138 "legitimate and unique" vulnerabilities.

"No federal agency had ever offered a bug bounty," he said. "Through this pilot we found a cost-effective way to supplement and support what our dedicated people do every day."

Carter said the $150,000 crowd-sourced program would have cost upwards of $1 million if the Defense Department had hired a private firm to conduct a full cybersecurity audit.

"It's a lot better than either hiring somebody to do that for you or finding out the hard way," he said. "What we didn't fully appreciate before this pilot was how many white-hat hackers there are."

Carter said DOD had plans to encourage defense contractors to submit their programs and products for independent security reviews and bug bounty programs before they deliver them to the government.
