The “Hack the Pentagon” program has proved to be a success with over 100 vulnerabilities uncovered by security researchers.
In a matter of weeks, bug bounty hunters tested the US Department of Defenses’s computer systems and found a torrent of security flaws, as reported by RT. In total, over 1,400 hackers were awarded upwards of $15,000 for the most destructive bugs.
Finding so many vulnerabilities has proved to be a success, but has also highlighted just how weak the government’s systems appear to be. Considering that the hackers were only permitted access to specific systems in a controlled manner — which did not include any important or critical systems — you have to wonder what other vulnerabilities are lurking in the US government networks.
The Hack the Pentagon project, hosted on bug bounty platform HackerOne, ran from April 18 to May 12, 2016. The program was designed to be a way for the US government to “explore new approaches to its cybersecurity challenges and evolve to adopt the best practices used by the most successful and secure software companies in the world,” but also, bug bounties can prove to be a less expensive way to keep on top of cybersecurity concerns.
At the Defense One conference in Washington, DC on Friday, Defense Secretary Ashton Carter said:
“They are helping us to be more secure at a fraction of the cost. And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters.”
The Pentagon’s bug bounty program has emerged as the practice of offering financial rewards to external researchers for bug reports becomes more commonplace. Google, Tesla, Microsoft, Facebook and Twitter are just a handful of technology giants which run similar programs, resulting in thousands of dollars being issued every year in payouts.
Earlier this month, Carter revealed plans to fast-track civilians with high levels of skill in areas including cybersecurity into top positions in the US military as part of a proposal called Force of the Future.