A bug bounty program is a nifty strategy to find vulnerabilities hidden within a software or network without the fear of getting compromised. Major tech giants like Facebook and Google have all embraced this strategy to keep their computer system secure. The latest to join the fray is the United States Army which recently launched its "Hack the Army" bug bounty program that will kick off this month.
The "Hack the Army" program was announced by Outgoing Army Secretary Eric Fanning. The program, just like most bug bounty campaigns, asks hackers and security analysts to point out flaws and vulnerabilities in the Army's digital recruiting platform.
The "Hack the Army" bug bounty program focuses on the Army's recruitment websites and databases for both active personnel and new applications. However, unlike most bug bounty campaigns, "Hack the Army" is an invite-only program. The Army said that it is adopting this strategy to make sure that participants are properly vetted. On the other hand, military and government personnel interested in joining the campaign are automatically admitted.
In a statement acquired by Wired, Fanning said, "We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense. We're looking for new ways of doing business."
Fanning said that the digital services used in the recruitment process are "Mission Critical," although he added that they are not a crucial component to the Army's operating like communications and navigation systems integrated on combat vehicles.
According to The Hill, security consulting firm HackerOne will be facilitating the "Hack the Army" bug bounty campaign. This is the same security firm that helped establish the "Hack the Pentagon" program which was launched awhile back. Both HackerOne and the Department of Defense are yet to confirm the official prize pool of the bug bounty campaign.