Hacking the Pentagon
By the Numbers
Bug bounties held
Global ethical hackers and security researchers
Vulnerabilities discovered and disclosed
The Challenge
Because our adversaries are more creative than ever when they carry out malicious attacks, it’s never been more important to find innovative ways to identify vulnerabilities and strengthen security. The Department of Defense (DoD) spends billions of dollars every year on information security, but had never attempted to address security vulnerabilities using bug bounties, a crowd-sourced model used in the private sector to secure both public-facing and internal assets.
Ethical hacker Jack Cable presents to a group of Marines and fellow hackers at Hack the Marine Corps in Las Vegas. Photo courtesy of HackerOne.
The Solution
The Defense Digital Service launched Hack the Pentagon in 2016, the federal government’s first bug bounty program. The Hack the Pentagon program has engaged hundreds of ethical hackers around the globe to lawfully discover and disclose vulnerabilities on DoD assets. The DoD’s first Vulnerability Disclosure Policy established a 24/7 pathway for security experts to safely disclose vulnerabilities on public-facing DoD websites and applications. DDS has ongoing contracts with security firms HackerOne, Synack, and Bugcrowd to facilitate assessments for DoD components and military services against their respective assets.
This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.
Ethical hackers work together to find and disclose security flaws in Air Force systems during the Hack the Air Force 2.0 bug bounty event in December 2017 in New York City. Photo courtesy of HackerOne.
Press
Bloomberg, Business Insider, CBS News, TechCrunch, Wired, Wired
More projects
-
Social Security Administration
Continuously improving SSA.gov
The Social Security Administration is building on the momentum from their partnership with the U.S. Digital Service by implementing iterative research, best practices, and a data-informed approach to ensure the website is usable and useful.
-
Cross-agency
Changing how the government hires technical talent
We helped develop a process that allows HR to leverage subject matter experts to evaluate candidates for specialized roles. The result restores fair and open access for all applicants, shortens the hiring timeline, and ensures applicants are truly qualified.
-
Veterans Affairs
Simplifying Veteran‑facing services through VA.gov
Each month, over 10 million people attempt to access the digital tools and content at the Department of Veterans Affairs (VA) and have historically struggled to find what they’re looking for. Digital modernization efforts needed to focus on improving the user experience.