Hacking the Pentagon
By the Numbers
Bug bounties held
Global ethical hackers and security researchers
Vulnerabilities discovered and disclosed
The Challenge
Because our adversaries are more creative than ever when they carry out malicious attacks, it’s never been more important to find innovative ways to identify vulnerabilities and strengthen security. The Department of Defense (DoD) spends billions of dollars every year on information security, but had never attempted to address security vulnerabilities using bug bounties, a crowd-sourced model used in the private sector to secure both public-facing and internal assets.
Ethical hacker Jack Cable presents to a group of Marines and fellow hackers at Hack the Marine Corps in Las Vegas. Photo courtesy of HackerOne.
The Solution
The Defense Digital Service launched Hack the Pentagon in 2016, the federal government’s first bug bounty program. The Hack the Pentagon program has engaged hundreds of ethical hackers around the globe to lawfully discover and disclose vulnerabilities on DoD assets. The DoD’s first Vulnerability Disclosure Policy established a 24/7 pathway for security experts to safely disclose vulnerabilities on public-facing DoD websites and applications. DDS has ongoing contracts with security firms HackerOne, Synack, and Bugcrowd to facilitate assessments for DoD components and military services against their respective assets.
This reinforces the work the Air Force is already doing to strengthen cyber defenses and has created meaningful relationships with skilled researchers that will last for years to come.
Ethical hackers work together to find and disclose security flaws in Air Force systems during the Hack the Air Force 2.0 bug bounty event in December 2017 in New York City. Photo courtesy of HackerOne.
Press
Bloomberg, Business Insider, CBS News, TechCrunch, Wired, Wired
More projects
-
Social Security AdministrationContinuously improving SSA.gov
The Social Security Administration is building on the momentum from their partnership with the U.S. Digital Service by implementing iterative research, best practices, and a data-informed approach to ensure the website is usable and useful.
-
Centers for Disease Control and PreventionPreparing for the next pandemic while building tech for COVID-19
We worked with the Centers for Disease Control and Prevention to quickly create and scale technology programs that digitize and share infectious disease test results in real-time.
-
Health and Human ServicesModernizing the child care application process
USDS partnered with ACF’s policy and subject matter experts to create a Model Child Care Assistance Application and eligibility verification practices that met federal guidelines and demonstrated the “art of what’s possible.
-
Cross-agencyOptimizing benefits for families
Working alongside The Department of Treasury and the White House, we built ChildTaxCredit.gov to educate families about the expanded Earned Income Credit and Child Tax Credit. The USDS team relied on in-depth research to create a site that is accessible, easy-to-read, and provides resources to find free tax services.
-
Cross-agencyChanging how the government hires technical talent
We helped develop a process that allows HR to leverage subject matter experts to evaluate candidates for specialized roles. The result restores fair and open access for all applicants, shortens the hiring timeline, and ensures applicants are truly qualified.
-
Veterans AffairsSimplifying Veteran‑facing services through VA.gov
Each month, over 10 million people attempt to access the digital tools and content at the Department of Veterans Affairs (VA) and have historically struggled to find what they’re looking for. Digital modernization efforts needed to focus on improving the user experience.