Defense Secretary Ash Carter last week launched a process for ethical hackers to alert the Pentagon about any vulnerabilities they discover on Defense Department websites.
The vulnerabilities disclosure program comes out the same day DOD launches its Hack the Army bug bounty program, which offers cash prizes for vulnerabilities hackers find in a select group of high-value websites.
The goal of both programs is to provide a clear process for internet security researchers to disclose dangerous vulnerabilities to the Pentagon without fearing they’ll be sued for violating the sites’ copyright protections or laws such as the Computer Fraud and Abuse Act.
“We want to engage with those researchers so we can fix those bugs before the bad guys have a chance to find them,” Charley Snyder, senior DOD cyber policy adviser, said during a media briefing.
Both programs are being managed in cooperation with the bug bounty organizer HackerOne. Hack the Army is the first of several bug bounty programs DOD plans to launch, Snyder said.
Keep reading this article at: http://www.nextgov.com/security/2016/11/carter-announces-program-hackers-disclose-dod-web-vulnerabilities/133305