Keeping clients' computers safe and profitable for over 30 years



DOD Pays Hackers

Article for: Curious people
Difficulty: Very simple
Importance: Not particularly. Just informative

Four years ago, the Department of Defense (DOD) invited white hat hackers to "Hack the Pentagon". Not only did they invite hackers to hack them, they paid those who succeeded. This program generated some controversy, but was repeated each year with bigger and better results. Imagine the fun a hacker could have, and the prestige points for hacking the Pentagon and getting paid!

This year, the DOD validated 2,836 previously unknown flaws from this program. The official DOD report says, "Without DOD VDP (Vulnerability Disclosure Program) there is a good chance these vulnerabilities would persist to this day or, worse, be active conduits for exploitation by our adversaries." They are hoping to expand the program to more defense-related systems.

These programs are called bug bounty programs. Google, Microsoft, Mozilla and many other software firms use them to find vulnerabilities in their software. Hackers sign up and get authorization. The programs have specific start and end dates and fixed rewards. Let's hope more government agencies adopt this smart approach to modern security.

Some military offices that used this program in 2019 include:
  • Air Force Data Center paid out $290,000 for 400 discovered vulnerabilities.
  • The Army paid out $275,000 for 146 found vulnerabilities.
  • The program found vulnerabilities in the F-15 Eagle fighter jet, but I don't know how many vulnerabilities or how much they paid out.

Date: June 2020

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
