The Pentagon is hiring two companies to help find and fix the weaknesses in Department of Defense (DOD) information systems, officials announced Thursday.
The initiative expands the DoD’s “Hack the Pentagon” event, where for three weeks, hackers were invited to attack Pentagon systems in order to discover bugs. In the first Hack the Pentagon event this Spring, hackers discovered 138 vulnerabilities the DoD didn’t know about. (RELATED: The Pentagon Just Paid Hackers To Break Into Its Computer Systems)
The Pentagon fixed the bugs discovered during the event, and contracted cyber companies HackerOne and Synack to run ongoing “bug bounty” programs. The two contracts total $7 million, and will pay for 14 new hacking challenges.
HackerOne will run programs open to a wide array of hackers focused on public sites like Defense.gov, like the Hack the Pentagon program, but Synack will work with approved cyber researchers to test the Pentagon’s more sensitive digital systems.
“As adversaries become more sophisticated and the threat environment continues to evolve, maintaining the highest levels of security has never been more important,” Mark Wright, a spokesman for the Office of the Secretary of Defense, said in a statement. “By partnering with these leading crowdsourced security companies, we can take a much more innovative, diverse, scalable and effective approach to better protect and defend our digital assets.”
“No government or organization is so powerful that it does not need outside help identifying security issues. Working with the external hacker community will supplement the crucial cybersecurity work that DOD is doing internally,” Marten Mickos, CEO of HackerOne, said in a press release. “Securing our online society is paramount and this puts the U.S. federal government in the forefront.”
“This award really marks a turning point in harnessing innovation to secure the nation’s most critical assets,” Jay Kaplan, CEO of Synack, said in the release. “As attacks become more sophisticated, the DoD is taking a much needed innovative approach to security by harnessing the world’s best security researchers.”
Send tips to [email protected].
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected].