Silicon Valley Startup to Lead ‘Hack the Pentagon’ Program

Although the program is not an open invitation for hackers to break into Pentagon systems, it will pay security researchers who find and report technical vulnerabilities.

(TNS) -- While some arms of the government are arguing with Silicon Valley over encryption, other agencies are working with startups to make the Internet more secure.

On Thursday, the Department of Defense said San Francisco’s HackerOne will manage its recently announced “Hack the Pentagon” program.

Despite the name, it’s not an open invitation for hackers to break into Pentagon systems. The “bug bounty” program, which pays security researchers who find and report technical vulnerabilities, will focus on public websites rather than critical infrastructure used in military missions, the department said.

It’s not clear how much the program will pay. To participate, security researchers must be eligible to work in the U.S. and can’t reside in a country currently under U.S. trade sanctions.

HackerOne runs similar programs for companies including Adobe, General Motors, Snapchat, Uber and Yahoo.

In general, companies that adopt such programs agree not to take action against researchers for reporting a security flaw, and acknowledge their contributions publicly. Not all bug reports earn the researchers money. Typically, a bug bounty might be in the hundreds of dollars. Google, which runs its own bug bounty program, pays as much as $100,000.

“Collaboration and transparency with external finders has become essential to securing connected software on the Internet,” wrote HackerOne CEO Marten Mickos in a blog post. “Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most powerful organizations, but also signals deeply promising progress for all of software security.”

The Hack the Pentagon program begins April 18 and will run for 20 days.

The offer to pay people who discover bugs is just one way in which the government is trying to build bridges to Silicon Valley. While the Department of Defense helped fund the research that led to the creation of the Internet, and the government remains an important customer for many tech companies, those historic ties have become frayed in the wake of former intelligence agency contractor Edward Snowden’s revelations about government spying and the FBI’s recently abandoned attempt to force Apple to weaken iPhone security in a terrorism case.

During a keynote address at the RSA Conference in San Francisco in March, Adm. Mike Rogers, director of the National Security Agency, said that a continued relationship between government and the technology industry is vital for national security.

“The power of partnership, innovation and our ability to bring together the government and the private sector is going to be at the heart of how we move forward,” he said. “We want to operate in a broad partnership.”

©2016 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.