The Defense Department has introduced a new policy that seeks to help computer security researchers detect and disclose cyber vulnerabilities in DoD websites and a “bug bounty†challenge that aims to authorize hackers to perform vulnerability identification in the U.S. Army’s networks.“The Vulnerability Disclosure Policy is a ‘see something, say something’ policy for the digital domain,†Defense Secretary Ashton Carter said in a statement released Monday.
“This policy gives [computer security researchers] a legal pathway to bolster the department’s cybersecurity and ultimately the nation’s security,†he added.
DoD consulted the Justice Department’s criminal division to develop the policy.
The Pentagon also opened the registration for the “Hack the Army†bug bounty competition, which is based on the defense digital service’s “Hack the Pentagon” initiative.
The department said it expects approximately 500 participants to take part in the competition and that it will provide cash incentives to security researchers who will identify cyber threats in the Army’s and DoD’s information systems and networks.
DoD will close the registration on Nov. 28 for the Hack the Army competition that is scheduled to run from Nov. 30 to Dec. 21, according to HackerOne’s website.
