The Department of Defense (DoD) has set aside $150,000 to fund a month-long bug bounty program in which hackers are invited to test their skills against several public DoD websites.
The program is the first bug bounty in the history of the federal government, and its goal is to identify and resolve security vulnerabilities within DoD websites via crowdsourcing. The DoD says multiple public sites will be fair game, although critical, mission-facing computer systems won’t be targeted.
The pilot is being managed by HackerOne, the vulnerability disclosure company that’s also in charge of Uber’s new bug bounty program. Unlike most bug bounty programs, the Hack the Pentagon campaign is only open to individuals who meet both participation and payment eligibility requirements.
Those wishing to participate must meet all of the following conditions for eligibility:
- You must have successfully registered as a participant through the HackerOne page.
- You must have a U.S. taxpayer identification number and a social security number or an employee identification number and the ability to complete required verification forms.
- You must be eligible to work within the U.S., meaning you are a U.S. citizen, a noncitizen national of the U.S., a lawful permanent resident, or an alien authorized to work within the U.S.
- You must not reside in a country currently under U.S. trade sanctions.
- You must not be on the U.S. Department of the Treasury's Specially Designated Nationals list.
Participants who submit a qualifying vulnerability must also undergo a basic criminal background check to ensure that taxpayer dollars are spent wisely. The DoD says participants have the right to opt out of the screening, although doing so will forfeit any and all compensation.
The Hack the Pentagon bug bounty pilot will start on April 18, 2016, and end on May 12, 2016. Payments will be issued no later than June 10 of this year.