A U.S. government program designed to crowdsource digital security expanded this week through the awarding of three contracts to Silicon Valley-based firms: Bugcrowd, HackerOne, and Synack.
Hack the Pentagon, which awards cash bounties for bugs found in Department of Defense (DOD) websites and assets, also turned two years old this week. Cyberthreats continue to evolve, though, and the federal government is attempting to build out private sector partnerships to counter them.
“Finding innovative ways to identify vulnerabilities and strengthen security has never been more important,” Chris Lynch, director of the Defense Digital Service, said. “When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows up to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department.”
DOD claims the program has helped them identify and fix thousands of security vulnerabilities since its foundation. The new contract awards expand the program’s scope and capacity, targeting private DOD assets beyond the public ones more frequently assailed. Vetted hackers will be able to simulate real and insider threats to certain DOD systems and pass their perspectives on to the agency. As a result of program enhancements, DOD will also run continuous, year-long assessments of high-value assets.