With ever-growing cyber threats across the digital landscape, the Department of Defense (DoD) is looking to ramp up its ongoing bug bounty program – known as Hack the Pentagon – to help the agency find undiscovered cybersecurity weaknesses.
Nicole Thompson, digital services expert for DoD’s Defense Digital Service (DDS), discussed the DoD’s efforts to ramp up the program during the Data in Action Summit hosted by Informatica on Dec. 6.
“We’ve now done over 45 different bug bounties across the entire Department of Defense and it’s continuing to scale,” said Thompson.
“We started with publicly accessible assets … anything that the public internet can get to, we’ve started inviting researchers into things that are beyond the boundary defenses and controlled test environments,” said Thompson.
Thompson added that DoD is looking at expanding the program into the classified arena to “bring the crowd to a classified environment and have them test that,” she said. “It’s never been done before, but it’s worth asking the question.”
Thompson also offered a tip that DoD will make a substantial announcement about its bug bounty plans within the coming weeks.
“We are practicing what we preach and we are implementing continuous bounties,” she said. “So you should see an announcement about that, hopefully within the month.”