Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:30 AM

DoD Picks HackerOne To Run Its Historic Bug Bounty Pilot

HackerOne will run US federal government's first-ever bug bounty pilot 'Hack The Pentagon.'

The US Department of Defense has selected bug bounty and vulnerability coordination vendor HackerOne to run the federal government’s first-ever bug bounty program.

The “Hack The Pentagon” pilot program, which invites ethical hackers to find bugs within DoD public websites and ultimately enhance the security of those sites, will run from April 18 to May 12, 2016, the DoD announced yesterday. Secretary of Defense Ash Carter first announced the program last month at The RSA Conference.

HackerOne will identify qualifying participants for the so-called “Hack The Pentagon” pilot, where white-hat hackers find and report vulnerabilities in the DoD Web pages. "Collaboration and transparency with external finders has become essential to securing connected software on the Internet,” said Marten Mickos, CEO of HackerOne. HackerOne has previously worked with Facebook, Microsoft, and other companies in their bug bounty programs.

Critical DoD computer systems will not be part of the vulnerability-finding program, and participants will be screened via an application process. Individual rewards for vulnerability discoveries will be based on various factors, and payments will come out of the program's $150,000 in funding, according to the DoD

"This initiative will put the department's cybersecurity to the test in an innovative but responsible way," said Defense Secretary Ash Carter.  "I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot."  

Read more on the DoD’s announcement and see the Hack The Pentagon program website for further details. 


Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-21
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BM...
PUBLISHED: 2020-02-21
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
PUBLISHED: 2020-02-21
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses...
PUBLISHED: 2020-02-21
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8....
PUBLISHED: 2020-02-21
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.