In nod to Silicon Valley, Pentagon opens door to hackers



FuzzyLumpkins
03-03-2016, 01:52 PM
Think you can hack the Pentagon? Well, soon you may get the chance to crack its systems – without violating national security.

The Department of Defense announced Wednesday that it will invite vetted security researchers to test its cybersecurity systems in a pilot program set to begin next month.

It will be the first cybersecurity bug bounty program in the history of the federal government, and hackers "could be eligible for monetary rewards and other recognition," a Pentagon spokesman said, adding that the initiative is modeled after similar competitions conducted by some of Silicon Valley's biggest tech companies.

http://www.csmonitor.com/World/Passcode/2016/0302/In-nod-to-Silicon-Valley-Pentagon-opens-door-to-hackers

ElNono
03-03-2016, 01:54 PM
I was reading that last night, kinda sucks it's only for 'vetted' hacking teams...

FuzzyLumpkins
03-03-2016, 01:58 PM
I was reading that last night, kinda sucks it's only for 'vetted' hacking teams...

It's a recruiting tool, it seems to me. They would vet you either way if you came in, I imagine. At least this way they aren't lying by omission.

ElNono
03-03-2016, 02:05 PM
It's a recruiting tool, it seems to me. They would vet you either way if you came in, I imagine. At least this way they aren't lying by omission.

They're running this on a honeypot, there's no reason not to let anybody give it a shot, IMO... interesting that you think they're recruiting... I think what they're doing is just limiting the pool to companies they'll want to award a contract to eventually (like IOActive, etc).

FuzzyLumpkins
03-03-2016, 02:25 PM
They're running this on a honeypot, there's no reason not to let anybody give it a shot, IMO... interesting that you think they're recruiting... I think what they're doing is just limiting the pool to companies they'll want to award a contract to eventually (like IOActive, etc).

That's the same thing. Who knows the nature of what's on the contract though.

I get that people don't want to go through the vetting process, but there is nothing actually stopping you beyond exposing your identity to the DoD. Typically, if they are trying to force people out, they do it behind licensing, bonding requirements and the like. Here you only have to declare yourself.

ElNono
03-03-2016, 02:55 PM
That's the same thing. Who knows the nature of what's on the contract though.

I get that people don't want to go through the vetting process, but there is nothing actually stopping you beyond exposing your identity to the DoD. Typically, if they are trying to force people out, they do it behind licensing, bonding requirements and the like. Here you only have to declare yourself.

Not sure what's part of the vetting process though, i.e. are foreign researchers or solo teams banned? etc.

I'm not opposed to going through the process if it were ourselves. We have already registered our crypto products with the DoD and DoC, and have to send the NSA an email every year describing any updates to the cipher suites; otherwise we can't sell it or export it.

I just think that, because this is a test run on a sample server, there's no reason why they would limit themselves.