The challenge – hosted by HackerOne, a Silicon Valley-based firm – was conducted on five public websites, which included defense.gov. It launched on April 18, and ran until May 12, with over 1,400 hackers, who completed registration and were invited to participate. Out of those who completed the registration, more than 250 submitted at least one vulnerability report. Among the contestants of the initiative, SECDEF gave an honorable mention to recent high-school graduate 18-year-old, David Dworkin and computer security researcher, Craig Arendt.
The purpose of the pilot program was to address the DoD’s defense in the digital world. “We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks,” says Secretary Carter. “What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference – hackers who want to help keep our people and nation safer.”
DoD should increase these bug bounty programs. Ultimately, allowing interested people to locate these types of vulnerability has two outcomes: it leads to increased DoD network strength, and allows white hat hacker types to refine their skills.