DOD Expands Bug Bounty Program to Public Networks, Systems

White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems.

The vulnerability disclosure program, which was started from the Defense Digital Service’s 2016 Hack the Pentagon initiative, was initially restricted to public-facing websites and applications.

Now, the program will now include networks, frequency-based communication, industrial control systems, internet of things devices among other systems available to the public, DOD announced.

The Defense Department has been steadily expanding its capabilities to sniff out cyber vulnerabilities that could be plaguing its systems across the services, and when it comes to testing experimental hardware.

Kristopher Johnson, the director for the Pentagon’s Cyber Crime Center, which oversees the program, said in a statement that “DOD websites were only the beginning as they account for a fraction of our overall attack surface.”

The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has found more than 29,000 vulnerabilities since its launch, according to a recent report.

So far, it has garnered more than 350 vulnerability reports in the first two weeks of launch.

This post was originally published by FCW on

Related posts