Hack the Pentagon

On October 20, 2016 DoD announced a new contract with HackerOne to expand these programs to other departments over three years. Hack the Army, the most ambitious Government Bug Bounty Program to date was the first of these initiatives driven by Secretary of the Army Eric Fanning.

Shortly after Hack the Army announcement, the U.S. Department of Defense introduced the DoD’s Vulnerability Disclosure Policy (VDP) on HackerOne — outlining a legal avenue for any hacker to disclose vulnerabilities in any DoD public-facing systems. This policy is a first of its kind for the U.S. Government.

With DoD’s new Vulnerability Disclosure Policy, hackers have clear guidance on how to legally test for and disclose vulnerabilities in DoD’s websites that may be out of the scope of live bug bounty challenges.

These bold initiatives are driven by DoD’s Defense Digital Services (DDS) with strong support from Secretary Carter and underscores their commitment to working with the hacker community to improve security.

The Defense Department is investing aggressively in innovation, including in people, practices and technologies, Carter said. The “Hack the Pentagon” program combined all those elements to "considerable success".

Trailblazing paths to make society safer is a vital role our governments need to take, especially as caretakers of the private data about many of the world’s citizens. The DoD as taken the opportunity to be the leaders in working with the security researcher community. Hack the Pentagon was the model for other Government departments to follow, and we believe many more will.

DOD agencies, services or other interested parties can send contract inquiries to hackthepentagon@dds.mil