For the first time ever, you can get paid to hack the United States Army.
“Hack the Army” joins the U.S. government’s bug bounty program this week, alongside “Hack the Pentagon,” which was established earlier this year.
Secretary of the Army, Eric Fanning, also announced that this program will be in conjunction with HackerOne, a company that specializes in vulnerability coordination and bug bounty platforms.
In an Austin press conference, where the initiative was announced, Fanning stated, “I often said that we need to break down barriers between the Army and some of our nation’s most innovative communities.” He added, “The Army is reaching out directly to a group of technologists and researchers who trade in figuring out how to break into computer networks they are not supposed to.”
After “Hack the Pentagon” was established on April 18, 2016, it took only 13 minutes for the first vulnerability to be discovered. The first six hours of the program saw 200 reports, and $75,000 was paid to hackers finding legitimate bugs.
Ash Carter, Secretary of Defense, said, "When it comes to information and technology, the defense establishment usually relies on closed systems, but the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters."
By opening up security research to freelance hackers, the government can save a lot of money. In Texas alone, taxpayers paid $8.7 million in 2014 for cyber incidents. That’s a 240% increase from the year before, according to a local news station.
Hackers are going to find flaws no matter what, but by being proactive and working together, the U.S. government has a much better chance at increasing their security at a much lower cost. Better to find your own vulnerabilities in the system—before potential enemies do.