The Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS) has launched a website (www.hackthepentagon.mil) to accompany their long-running program: Hack the Pentagon (HtP).
DDS launched HtP in 2016, using bug bounties as an innovative way to secure critical Department of Defense (DoD) systems and assets. HtP invites vetted, independent security researchers, known as "ethical hackers", to discover, investigate, and report vulnerabilities, which DoD can then remediate. DDS built the HtP website as a resource for Department of Defense organizations, vendors, and security researchers to learn how to conduct a bug bounty, partner with the CDAO DDS team to support bug bounties, and participate in DoD-wide bug bounties.
"With the HtP website launch, CDAO is scaling a long running program, which historically offered services on a project-by-project basis, by offering the Department better access to lessons learned and best practices for hosting bug bounties," said Dr. Craig Martell, Chief Digital and Artificial Intelligence Officer. "The website helps equip DoD to run continuous bug bounties as part of a larger comprehensive cybersecurity strategy."
While the website is primarily an educational tool for DoD organizations to use as a foundational step before launching a bug bounty, it also is a platform to engage and recruit technical talent.
"Through Hack the Pentagon, we're building a global talent pipeline for cybersecurity experts to contribute to our national defense outside of traditional government career paths," said Jinyoung Englund, Acting Director, CDAO DDS.
Since HtP's initial launch in 2016, DDS has run 40+ bug bounties with over 1,400 ethical hackers who have collectively flagged 2,100+ vulnerabilities for remediation. DDS became part of the CDAO organization in June 2022.
DDS is a highly experienced team of software and data engineers, data scientists, product managers and user research designers with a track record of delivering immediately usable products in record time within the Chief Digital and Artificial Intelligence Office. For more information on DDS, visit dds.mil.
For security researchers who have a vulnerability to report, please visit DoD's Vulnerability Disclosure Program (VDP): https://www.dc3.mil/Missions/Vulnerability-Disclosure/Vulnerability-Disclosure-Program-VDP/