‘Hack the Pentagon’ program uncovers more than 100 bugs on DOD computers

More than 100 security issues affecting the Pentagon’s computer networks have been discovered during the last three months by volunteer hackers participating in the U.S. government’s first ever bug bounty program, the secretary of defense said Friday.

Speaking to attendees at a tech forum in Washington, D.C., Defense Secretary Ashton Carter said the “Hack the Pentagon” program launched in March exceeded the military’s expectations by uncovering dozens of previously unnoticed security issues affecting the Department of Defense’s public, non-classified computer systems.

The Defense Department said previously that it had planned to award upwards of $15,000 to individuals who could find security problems on Pentagon systems, and Mr. Carter on Friday acknowledged that more than 100 bugs where discovered during the course of the event.

Mr. Carter praised the more than 1,400 hackers registered to participate, saying they were “helping us be more secure at a fraction of the cost.”

“It’s essentially free,” National Defense Magazine quoted the Pentagon chief as saying. “You get all this talent and they’re having a great time and you’re getting a security audit for free. It’s like, ’Wow, pretty good deal.’”

When the program was announced in March, Mr. Carter said he believed the effort would “strengthen our digital defenses and ultimately enhance our national security.”

“Hack the Pentagon” ran from March through May, and spokesman Mark Wright said previously that participants had discovered “about 90” individual vulnerabilities.

Borrowing from similar “bug bounty” programs operated by Silicon Valley companies, the DOD said that “Hack the Pentagon” marked the first time that the federal government would be inviting security experts to penetrate its systems.

“Why hasn’t anybody in the federal government done that?” Mr. Carter asked at Friday’s event. “There’s not a really good answer to that, right? It’s a pretty successful thing.”