Slashdot Mirror


'Hack The Pentagon' Bug Bounty Program Opens For Registration (securityweek.com)

wiredmikey writes: Starting today, security researchers can register to test their hacking skills against the Department of Defense (DoD) through "Hack the Pentagon," a new bug bounty program that will award security researchers who discover vulnerabilities on the Pentagon's public web pages. The initiative, run through a partnership with bug bounty platform provider HackerOne, is the first of its kind in the history of the federal government. The Hack the Pentagon bug bounty pilot will start on Monday, April 18 and end by Thursday, May 12. "Critical, mission-facing computer systems will not be involved in the program," the DoD stated.

36 comments

  1. No way... by Anonymous Coward · · Score: 1

    am I going to register there.

  2. Contents of email server by Anonymous Coward · · Score: 0

    they'll just get a lot of spam and mass mailings.
    I.e. Please remember that the female toilets in corridor 17W are having their leaky pipes fixed and are out of service this week.

    1. Re:Contents of email server by Archangel Michael · · Score: 1

      Enough about that damn email server already!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Contents of email server by Anonymous Coward · · Score: 0

      Well, it's not like they'll leave their internal Quake3 server open to hacking, is it?

  3. It's a trap! by Anonymous Coward · · Score: 0

    This goes to show how bad Pentagon "hackers" actually are. Don't believe the NSA is so elite at hacking. Anyone can spy a line and dump data.

  4. A big improvement... by Immerman · · Score: 1

    A big improvement over their previous "hack the Pentagon and we'll put a bounty on your ass" program. Or perhaps they're just hoping to save themselves some work identifying the troublemakers.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
    1. Re:A big improvement... by magarity · · Score: 2

      My first thought was whether someone managed to properly coordinate all the agencies and jurisdictions or not so that anyone who submits a successful hack and is awarded by one agency isn't then immediately arrested by another.

    2. Re:A big improvement... by EndlessNameless · · Score: 1

      The CFAA centers around unauthorized access. Since this activity is encouraged by the system owner---and even has a registration process---the attempts certainly cannot be unauthorized provided they follow the rules of the program.

      That said, it would be wise to read all of the program rules, as violating them might render the access unauthorized. That would put someone in federal felony territory.

      While I would hope the DoD would be forgiving of anyone who bends a minor rule, there is no guarantee beyond what is written.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  5. Mission-facing? by Anonymous Coward · · Score: 0

    WTF? Is that some kind of mixed metaphor?

  6. It's a start... by Anonymous Coward · · Score: 0

    ...but with crap like this it's not going to be very successful:

    ...successful participants who submit qualifying vulnerability reports will undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely. Screening details will be communicated to participants in advance, he added, and participants will be able to opt out of any screening. Those who opt out of the screening will forgo bounty compensation ...

    Individual bounty payments will depend on a number of factors, he said, but will come from the $150,000 in funding for the program.

    So what happens when someone submits a good report but denies or fails the screening? Is the Pentagon going to ditch the report and forget they ever saw it? Or just neglect to pay up? How much of that paltry $150k will end up spent on those screenings?

    Here's some perspective - Good engineers in the internet security space can make $150k without having to hunt elusive unknown bugs. Here's some more perspective - the 2016 DoD budget is about $570B. That $150k represents 0.000263% of the budget. Heck, that would almost buy you 40% of an AIM120 AMRAAM.

    Glad to see they're taking this seriously.

    1. Re:It's a start... by Anonymous Coward · · Score: 0

      Screening for Pentagon IT job... Am I gonna have to lie about eating all those shrooms in college again?

    2. Re:It's a start... by AlphaBro · · Score: 1

      This is the real news, and given the ability to opt out and forgo payment, it sounds like they will be retaining the reports of those that fail their checks. Complete and utter bullshit.

  7. How Stupid Are We? by zenlessyank · · Score: 2

    Why would I want to sign up for this watch list? Hack imaginary systems and get put on a list. Nice. I suppose this is ISIS sponsored also.

    1. Re:How Stupid Are We? by Anonymous Coward · · Score: 0

      >Hack imaginary systems and get put on a list

      Or get offered a job.

    2. Re:How Stupid Are We? by zenlessyank · · Score: 1

      I would NEVER work for these assholes.

    3. Re:How Stupid Are We? by phantomfive · · Score: 1

      Yeah, I can't see myself reasonably signing up for this.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:How Stupid Are We? by Anonymous Coward · · Score: 0

      Notice that "Critical, mission-facing computer systems will not be involved in the program", so additionally the whole program is also useless, because it only helps to fix bugs of unimportant systems.

  8. Don't forget to register by dkroft1 · · Score: 5, Funny

    The difference between winning money, and committing treason

    1. Re:Don't forget to register by zenlessyank · · Score: 1

      Satan has blessed America.

  9. So Where Is A Country An American Can Move by zenlessyank · · Score: 1

    to get away from this insanity? Is there a country that will accept us with the understanding that we don't represent this shit. Peeps been coming here for ages, so it is high time someone let us in for a change. Please reply with decent alternatives. Thanks.

    1. Re:So Where Is A Country An American Can Move by Anonymous Coward · · Score: 0

      Think Yemen.

    2. Re:So Where Is A Country An American Can Move by Anonymous Coward · · Score: 0

      Absurdistan aka Bulgaria

    3. Re:So Where Is A Country An American Can Move by Anonymous Coward · · Score: 0

      Given the anti-foreigner rhetoric in the US ranging from Trump to working visas, I don't think any first world country wants you (sorry, but you are tarred with the same brush as your countrymen even if you don't share their views). Plenty of African and South American countries you can go to. Maybe Mexico or Cuba?

    4. Re:So Where Is A Country An American Can Move by rtb61 · · Score: 1

      If you are young enough you can pay for a cheaper degree in Australia and if you pass, you'll have pretty much no problem staying and becoming a citizen. Be warned: right wing Republican bible fundamentalists don't really enjoy it that much and especially do not like the high wage of labour types or the lack of menials. So I suppose if you notice the insanity that won't be a problem for you. There is also State assisted migration (if you are interested, look it up) for certain jobs at certain times. Be prepared for a waiting list, but if you make it, have fun.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:So Where Is A Country An American Can Move by Anonymous Coward · · Score: 0

      People around the world already hate the US and try to blame it for every problem facing the world. They hated the US even more when they realized the average American doesn't care what a bunch of foreigners think. Trump's rhetoric can hardly make things worse. It has been interesting to see countries all over the world get nervous because the US sugar daddy leaves them to deal with their own problems for a change. The US has planted military bases in Europe and South East Asia. The number one reason these bases exist is to serve as a trip wire. If Russia decided they wanted some extra European land they would overrun every forward operating base since these bases do not have the personnel or equipment to fend off a concentrated attack. The bases in SE Asia operate on the same model. The US soldiers would be sacrificed to provide the reason for declaring war. Would any non-US military personnel serve in the same capacity? Would they accept their status as a trip wire to protect US interests?

    6. Re:So Where Is A Country An American Can Move by Anonymous Coward · · Score: 0

      to get away from this insanity? Is there a country that will accept us with the understanding that we don't represent this shit. Peeps been coming here for ages, so it is high time someone let us in for a change. Please reply with decent alternatives. Thanks.

      I would mention Australia except that our government has been in bed with the US for a while now (damn Liberal party).

  10. uh huh by fyngyrz · · Score: 1

    Pentagon's "Hack The Hackers" program opens for voluntary self-incrimination.

    Come one, come all.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:uh huh by Anonymous Coward · · Score: 0

      lolwut? I'll pass on this guillotine and opt for some pit with spikes to be named in the future

  11. one day too soon by Anonymous Coward · · Score: 0

    Really, Department of Defense? Really? You couldn't wait just 1 more day to post this? You could have won best April Fools' Day prank of the year.... with a non-prank.

  12. Oh how did I read this by Anonymous Coward · · Score: 0

    Oh my.. did I read this as "Hack the Pentagon" open for Resignations

  13. Watchlist fodder by Anonymous Coward · · Score: 0

    Guilty by definition, because "hacking".

  14. No Go by Tablizer · · Score: 1

    I can't register, the registration form's been hacked

  15. Mess of a site by Anonymous Coward · · Score: 0

    Signed up. Sounds like fun. Before starting they want your SSN. The chances of finding a hole seem low to me. No way I will fill out a w6 before I even start hacking. Their registration system is poorly thought out. No way am I bothering with this unless I have some extra energy.

  16. blank DVD by Anonymous Coward · · Score: 0

    My suggestion is to walk into one of the Pentagon's maximum security facilities with a blank DVD with "Lady Gaga" handwritten on it.

  17. Well that's most of the good "Researchers" out by ramriot · · Score: 1

    Almost the first requirement and already they excluded potentially 90% of us.

    "You must have a U.S. taxpayer identification number and a social security number or an employee identification number and the ability to complete required verification forms."