Hack the Pentagon Identifies Cyber Vulnerabilities

The Pentagon’s first “bug bounty” effort to enlist hackers to identify security vulnerabilities identified 138 legitimate security weaknesses in the Defense Department’s network infrastructure. The “Hack the Pentagon” effort included about 1,400 hackers who searched for network vulnerabilities, with 250 of them finding and submitting at least one vulnerability report, Defense Secretary Ash Carter said in announcing the results of the program on Friday. The Pentagon confirmed 138 weaknesses, and remediated them, he said. The Pentagon paid a total of $150,000 to the hackers who found the vulnerabilities. While not a small sum, the amount is a bargain compared to the approximate $1 million the Pentagon would have paid to a contactor to search for vulnerabilities. It is the first time a federal agency held a “bug bounty” program, and the department is creating a “standing point of contact” for researchers to safely submit information on network vulnerabilities, Carter said.