Hacking the Pentagon
By the Numbers
Bug bounties held
Global ethical hackers and security researchers
Vulnerabilities discovered and disclosed
The Challenge
Because our adversaries are more creative than ever when they carry out malicious attacks, it’s never been more important to find innovative ways to identify vulnerabilities and strengthen security. The Department of Defense (DoD) spends billions of dollars every year on information security, but had never attempted to address security vulnerabilities using bug bounties, a crowd-sourced model used in the private sector to secure both public-facing and internal assets.
Ethical hacker Jack Cable presents to a group of Marines and fellow hackers at Hack the Marine Corps in Las Vegas. Photo courtesy of HackerOne.
The Solution
The Defense Digital Service launched Hack the Pentagon in 2016, the federal government’s first bug bounty program. The Hack the Pentagon program has engaged hundreds of ethical hackers around the globe to lawfully discover and disclose vulnerabilities on DoD assets. The DoD’s first Vulnerability Disclosure Policy established a 24/7 pathway for security experts to safely disclose vulnerabilities on public-facing DoD websites and applications. DDS has ongoing contracts with security firms HackerOne, Synack, and Bugcrowd to facilitate assessments for DoD components and military services against their respective assets.
This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.
Ethical hackers work together to find and disclose security flaws in Air Force systems during the Hack the Air Force 2.0 bug bounty event in December 2017 in New York City. Photo courtesy of HackerOne.
Press
Bloomberg, Business Insider, CBS News, TechCrunch, Wired, Wired
More projects
-
Centers for Disease Control and PreventionPreparing for the Next Pandemic While Building Tech for COVID-19
We worked with the Centers for Disease Control and Prevention to quickly create and scale technology programs that digitize and share infectious disease test results in real-time.
-
Cross-agencyOptimizing benefits for families
Working alongside The Department of Treasury and the White House, we built ChildTaxCredit.gov to educate families about the expanded Earned Income Credit and Child Tax Credit. The USDS team relied on in-depth research to create a site that is accessible, easy-to-read, and provides resources to find free tax services.
-
Health and Human ServicesCritical code: building COVID-19 vaccine finder tools
With the American public eager for COVID-19 vaccinations, The White House partnered with the U.S. Digital Service, the Centers for Disease Control & Prevention, the Department of Health & Human Services, and Boston Children’s Hospital to launch a fleet of tools connecting people to life-saving vaccines.
-
Veterans AffairsSimplifying Veteran‑facing services through VA.gov
Each month, over 10 million people attempt to access the digital tools and content at the Department of Veterans Affairs (VA) and have historically struggled to find what they’re looking for. Digital modernization efforts needed to focus on improving the user experience.
-
Health and Human ServicesModernizing the Medicare Payment System
Eight million lines of COBOL and 2.5 million lines of assembly running on 15 mainframes. 4.5 percent of the entire American economy is fueled by Medicare payments and 53 million people depend on it for their healthcare.
-
Cross-agencyChanging how the government hires technical talent
We helped develop a process that allows HR to leverage subject matter experts to evaluate candidates for specialized roles. The result restores fair and open access for all applicants, shortens the hiring timeline, and ensures applicants are truly qualified.