The United States military has announced it will be launching its inaugural bug bounty program called “Hack the Army” in November 2016.
Outgoing secretary of the Army Eric Fanning made the announcement in a press conference. He said the program will help the Army keep up with the latest digital threats.
As quoted by WIRED:
“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense. We’re looking for new ways of doing business.”
At the same time, however, the Army wants to protect itself against bad actors who might abuse the program for their own gain. Consequently, Hack the Army will launch with two major stipulations.
First, the bug bounty program will apply only to the Army’s digital recruiting infrastructure. That’s a step up from the U.S. Department of Defense’s “Hack the Pentagon,” a bug bounty program which allows white hats to probe only the Pentagon’s public websites.
In “Hack the Army,” researchers will look for vulnerabilities on recruitment websites as well as databases that contain the personal information of current and new personnel. They will not have access to “mission critical” systems like navigation or communication networks.
Second, the bug bounty program will start off as invite-only, which means Army officials can vet those who will be sniffing about its websites. But things could change if the Army is satisfied with the program’s results.
Alex Rice, the CEO of a firm called HackerOne that manages both Hack the Pentagon and Hack the Army, told Wired he hopes the latter program will be just the beginning for the U.S. military:
“You absolutely start seeing this effect when people witness the benefits of collaboration toward security goals. They start to look for even more creative ways to apply it.”
HackerOne recommends interested parties visit the bug bounty’s official page for updates over the next several months.