The Department of Defense (DoD) today announced that it has awarded contracts to three private-sector Silicon Valley firms in an effort to expand its Hack the Pentagon digital defense program.
As the government celebrates the second anniversary of its bug bounty initiatives, it has awarded contracts to three security firms, including Bugcrowd. To enhance the DoD’s security for sensitive, internal assets, the department will continue to build bug bounties for public-facing websites while pursuing additional crowdsourced security tactics.
The Hack the Pentagon program has been successful for the DoD, allowing the department to run assessments on a range of its assets, including hardware and physical systems. Though security checklists are helpful in determining a baseline for best practices, engaging in relationships with white hat hackers goes a step further, because they are able to simulate real threats and emulate the behaviors of an adversary.
A statement from the DoD explained: “As cyber threats persist, the Defense Department is working to identify innovative approaches to bolster security, combat malicious activities, and build trusted private sector partnerships to counter threats. Hack the Pentagon bug bounties are designed to identify and resolve security vulnerabilities across targeted DOD websites and assets and pay cash to highly vetted security researchers or ‘ethical hackers’ to discover and disclose bugs.”
The engagements will allow the DoD to run continuous assessments of its high-value assets while maintaining relationships with vetted security researchers and white hat hackers. The ability to participate in open dialogues throughout the development lifecycle of a system is an important security measure, particularly when software and other assets are so frequently updated, according to the DoD.
“We are thrilled that Bugcrowd has been selected to ‘Hack the Pentagon’ to bring the scale and expertise of our worldwide elite Crowd of white hat hackers to outsmart adversaries and strengthen our nation’s security,” said Ashish Gupta, CEO of Bugcrowd, in a press release.
“Bugcrowd’s proven platform and Crowd of researchers brings a wide variety of experience and technical specialization to handle the complexity of constantly changing attack surfaces that the DoD – or any organization – will face in the coming years.”