In partnership with HackerOne, the U.S. Department of Defense has a new bug bounty program called “Hack the Army.” For the initial phase, the program is limited to 500 participants who can sign up to hunt for security vulnerabilities in the DoD’s public-facing systems. The organizations did not disclose the dollar amount of the payouts but said they could be “thousands of dollars.” The Hack the Army program will run from November 30 to December 21.
The DoD also has a new Vulnerability Disclosure Policy (VDP). “This policy is a first of its kind for the US Government,” HackerOne says. “With DoD’s new vulnerability disclosure policy, hackers have clear guidance on how to legally test for and disclose vulnerabilities in DoD’s websites outside of bug bounty challenges. This new initiative underscores DoD’s commitment to working in partnership with the hacker community to improve security.”