Similar to Facebook’s Bug Bounty Program, the US government recently launched its first “bug bounty” program to help officials identify flaws in government-run websites.
The pilot program, called “Hack the Pentagon”, took place between April 18 and May 12 and attracted over 1,400 hackers from around the world.
The hackers were given an opportunity to earn legitimate cash bounties while using their “hacking” skills for good. Of the 1,400 hackers, over 250 sent in at least one vulnerability and 138 of those vulnerabilities were considered eligible for a reward. Payouts ranged from cash amounts as small as $100 to the largest total cash payout of $15,000, according to Sophos’ Naked Security.
In total, the event cost the US Department of Defense $150,000 — with about half of that sum going to hackers. But that is a small price to pay when you consider the costs and repercussions of having a government website compromised.
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks…. What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference – hackers who want to help keep our people and nation safer,” according to Secretary of Defense Ash Carter.
Since the US government is always a target for hackers, it is likely that more government-sponsored bug bounty events will take place in the future. This will give computer-savvy individuals who want to challenge US government networks the opportunity to do so in a legitimate manner and the government an opportunity to use these programs as a valuable tool to strengthen their networks.