We are thrilled to be part of the DoD’s security posture and announce that the Department of Defense (DoD) has awarded Bugcrowd a contract to expand the DoD’s “Hack the Pentagon” Crowdsourced Digital Defense Program. The program, which includes expanded bug bounties and other crowdsourced security programs is aimed at boosting the Pentagon’s capacity to strengthen security for sensitive, internal assets.
As Reina Staley, chief of staff and co-founder of the Defense Digital Service told the NextGov earlier this year:
“Securing sensitive information for millions of government employees and contractors is no easy task. No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.”
The “Hack the Pentagon” program enables the DoD to run assessments on a broader range of assets such as hardware and physical systems. Whereas security checklists may help establish a certain baseline of best practices, vetted whitehat hackers simulating real and insider threats bring valuable new security perspectives to emulate and ultimately combat adversaries, mitigating risk.
Of today’s expanded program, Chris Lynch, Director of the Defense Digital Service said:
“Finding innovative ways to identify vulnerabilities and strengthen security has never been more important. When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department.”
In today’s environment, crowdsourced security is critical because all systems are vulnerable and there is a massive deficit of security skilled resources. And while we cannot control our adversaries, we can control where we are vulnerable. But we can only do this if we know. CISOs and CIOs have the daunting task of prioritizing the identification of where their vulnerabilities are and how to fix them…before it’s too late.
Since 2012 Bugcrowd has provided fully managed public and private bug bounty, vulnerability disclosure and next-gen penetration testing programs to alleviate this risk. Today, we work with leading organizations across 50 industries and in 30 different countries. We are honored to work with the DoD to bring the scale and expertise of our worldwide elite Crowd of whitehat hackers. The DoD led the way in adopting a crowdsourced security program with the “Hack the Pentagon” program early on. We are excited to expand on the success of these early efforts and help strengthen our nation’s security as we have done for companies like HP, Motorola and Atlassian.
Crowdsourced security is a force multiplier to solve real-world cybersecurity issues across the public and private sectors. This new contract with the DoD further demonstrates the power of the model.