US Army announces 'Hack the Army' bug bounty programme inviting hackers to expose security flaws
'We're looking for new ways to do business,' outgoing secretary of the army Eric Fanning said.
The US Army has announced the launch of its first bug bounty programme called "Hack the Army", offering rewards to hackers who find security vulnerabilities in its digital recruiting infrastructure. Announced at a press conference in Texas on Friday (11 November), the programme comes after the successful inaugural Hack the Pentagon bug bounty programme in April.
"We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," outgoing secretary of the army Eric Fanning said. "We're looking for new ways to do business."
Hack the Army will be run in partnership with bug bounty platform HackerOne, and will be an invite-only programme so that eligible hackers can be vetted before they are accepted to participate in the pilot programme. However, interested military and government personnel will automatically be accepted into the programme.
Eligible hackers will be tasked with scouring through the army's recruitment websites and databases of personal information of new applicants and current army personnel, Wired reports.
"The largest branch of the US military is preparing to be hacked to enhance its security in the coming weeks," HackerOne wrote in a blog post. "Working with the hacker community is an effective way to uncover vulnerabilities in even the most powerful organisations... Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the army's talented cybersecurity personnel are doing already."
HackerOne also previously provided the infrastructure for the Hack the Pentagon programme, which invited over 1,400 registered hackers to test the digital security of select Department of Defense websites, including Defense.gov. The pilot resulted in 138 valid vulnerabilities discovered and resolved during the 24-day programme.
Following the success of the programme, Defense Secretary Ash Carter directed other DoD components and military services to launch their own bug bounty initiatives as well.
"We're going to include incentives in our acquisition guidance and policies so that contractors who work on DoD systems can also take advantage of innovative approaches to cybersecurity testing," Carter said in October. "For example, in some circumstances, we will encourage contractors to make their technologies available for independent security reviews where bug bounties before they deliver them to us. This will help them make their code more secure from the start, and before it's installed on our system."
The army has yet to release any additional specifics about the new Hack the Army programme.
Many companies have launched popular bug bounty programmes in an effort to bolster cybersecurity defences and to uncover and fix potential security vulnerabilities in their digital infrastructure.
Tech giants such as Microsoft, Yahoo, Google, Facebook and Twitter have had their own successful rewards programmes for years. Chrysler, Uber, the Department of Defense and Apple also recently launched their own initiatives.