‘We’re looking for new ways to do business,’ outgoing secretary of the army Eric Fanning said.
The US Army has announced the launch of its first bug bounty program called “Hack the Army”, offering rewards to hackers who find security vulnerabilities in its digital recruiting infrastructure. Announced at a press conference in Texas on 11 November, the program comes after the successful inaugural Hack the Pentagon bug bounty program in April.
“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense,” outgoing secretary of the army Eric Fanning said. “We’re looking for new ways to do business.”
Hack the Army will be run in partnership with bug bounty platform HackerOne, and will be an invite-only program so that eligible hackers can be vetted before they are accepted to participate in the pilot program. However, interested military and government personnel will automatically be accepted into the program.
Eligible hackers will be tasked with scouring through the army’s recruitment websites and databases of personal information of new applicants and current army personnel, Wired reports.
“The largest branch of the US military is preparing to be hacked to enhance its security in the coming weeks,” HackerOne wrote in a blog post. “Working with the hacker community is an effective way to uncover vulnerabilities in even the most powerful organizations… Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the army’s talented cybersecurity personnel are doing already.”
HackerOne also previously provided the infrastructure for the Hack the Pentagon program, which invited over 1,400 registered hackers to test the digital security of select Department of Defense websites, including Defense.gov. The pilot resulted in 138 valid vulnerabilities discovered and resolved during the 24-day program.
Following the success of the program, Defense Secretary Ash Carter directed other DoD components and military services to launch their own bug bounty initiatives as well.
“We’re going to include incentives in our acquisition guidance and policies so that contractors who work on DoD systems can also take advantage of innovative approaches to cybersecurity testing,” Carter said in October. “For example, in some circumstances, we will encourage contractors to make their technologies available for independent security reviews such as bug bounties before they deliver them to us. This will help them make their code more secure from the start, and before it’s installed on our system.”
The army has yet to release any additional specifics about the new Hack the Army program.
Many companies have launched popular bug bounty programs in an effort to bolster cybersecurity defenses, and uncover and fix potential security vulnerabilities in their digital infrastructure.
Tech giants such as Microsoft, Yahoo, Google, Facebook and Twitter have had their own successful rewards programs for years. Chrysler, Uber, the Department of Defense and Apple also recently launched their own initiatives.