An official website of the United States Government 
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

You have accessed part of a historical collection on defense.gov. Some of the information contained within may be outdated and links may not function. Please contact the DOD Webmaster with any questions.
Immediate Release

Statement by Pentagon Press Secretary Peter Cook on DoD's Partnership with HackerOne on the "Hack the Pentagon" Security Initiative

The Department of Defense (DoD) announced today that interested participants may now register to compete in the "Hack the Pentagon" pilot. The pilot, designed to identify and resolve security vulnerabilities within DoD websites through crowdsourcing, is the first bug bounty program in the history of the federal government. DoD is partnering with HackerOne, a reputable Bug Bounty-as-a-service firm based out of Silicon Valley, to run the Hack the Pentagon pilot over the next several weeks.

The Hack the Pentagon bug bounty pilot will start on Monday, April 18 and end by Thursday, May 12. Qualifying bounties will be issued by HackerOne no later than Friday, June 10. The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches. Critical, mission-facing computer systems will not be involved in the program.

HackerOne has set up a registration site for eligible participants. Eligible participants must be a U.S. person, and must not be on the U.S. Department of Treasury's Specially Designated Nationals list, a list of people and organizations engaged in terrorism, drug trafficking and other crimes; U.S. citizens and companies are prohibited from doing business with listed entities. In addition, successful participants who submit qualifying vulnerability reports will undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely. Screening details will be communicated in advance to participants, and participants will have the ability to opt-out of any screening, but will forgo bounty compensation.

The registration site is now live and can be accessed at https://hackerone.com/hackthepentagon.

The Hack the Pentagon pilot is modeled after similar challenges conducted by some of the nation's biggest companies to improve the security and delivery of networks, products, and digital services. By providing a legal avenue for the responsible disclosure of security vulnerabilities, bug bounties engage the hacker community to contribute to the security of the Internet.

Individual bounty payments will depend on a number of factors, but will come from the $150,000 in funding for the program.

"This initiative will put the department's cybersecurity to the test in an innovative but responsible way," said Secretary Carter. "I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot."

The "Hack the Pentagon" initiative is being led by the department's Defense Digital Service (DDS), launched by Secretary Carter last November. The DDS, an arm of the White House's dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department's technological agility.