The US Defense Department (DoD) has announced Hack the Pentagon 3.0, the latest incarnation of its bug bounty program. This iteration will focus on DoD’s Facility Related Controls System (FRCS) network. Participants will have access to only unclassified information technology (IT) and operational technology (OT) systems.
- The Pentagon’s experience with two previous well-managed bug bounty programs mirrors the success of many others in the effectiveness of both identifying meaningful vulnerabilities and in providing information that can greatly ease the process of fixing those vulnerabilities. The important part is the fixing of those vulnerabilities – if you are looking at doing a similar effort, make sure you have the processes and staff in place to deal with the influx.
- This program has been evolving since 2016. If you want to try your skills on testing OT systems, this could be a lot of fun. Note that the actual event window is only 72 hours; read the Hack the Pentagon 3.0 solicitation for details about participation and timelines.
- Bug bounty programs have proven their worth as a cybersecurity tool. While system developers try and test for every possible exception, history has shown that flaws ultimately find their way into production systems. Crowdsourcing vulnerability discovery in a controlled setting is both cost efficient and supports cyber defenders.