As a follow-up to March’s successful ‘Hack the Pentagon’ initiative, the US Army is now opening up a bug bounty to help it find vulnerabilities in its IT systems.
The security firm HackerOne, which was also behind the Pentagon’s program, is facilitating the Army’s program and hopes to spin it out to other services in the months to come.
Secretary of the Army Eric Fanning announced the Army’s new program, calling it a part of ‘looking for new ways of doing business.’ The effort is certainly a departure for ultra-secretive and easily stove-piped government organizations. Unlike in the private sector, where there are kudos to be won for finding a flaw or bug in a system, within a military community access to sites is often limited, and finding an issue is more likely to be met with skepticism than praise.
In a stove-piped government office, finding a flaw in an outside agency’s code would be more likely to be met with cries of ‘why were you playing in my sandbox!’ than, ‘thanks for the find.’
One of the advantages of the Hack the Army program is that while participation is invite-only for the ‘average’ hacker, any military or government personnel will get automatic access.
The Army isn’t opening up the doors to all of its secrets, however. The current initiative is focused on static websites, but also covers recruitment databases of personal information. Following the Office of Personnel Management breach and its negative impact on cleared hiring, the US Army may understand that its ability to protect classified information is directly related to its ability to attract talent.