The U.S. Department of Defense (DoD) has put together a prize fund of $150,000 for any computer hacker who can find vulnerabilities in the organization’s security systems.
The DoD’s “Hack the Pentagon” pilot program will start on April 18 and end on May 12. It will provide hackers with a legal avenue to report security vulnerabilities and receive a reward.
Hackers will have to register to participate and there are strict eligibility criteria: hackers must have a U.S. social security number, be eligible to work in the U.S., and will have to agree to a criminal background check to receive a bounty payment from the prize fund.
“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” said Secretary of Defense Ash Carter in a press release. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”
This is the first “bug bounty” program run by the U.S. federal government. Several companies, including Facebook and Google, have offered cash rewards to hackers who can find bugs in their programs or vulnerabilities in their cyber security.
These bug bounty programs have become a best practice for any organization seeking to test and improve its security, according to Marten Mickos, CEO of HackerOne, the bug bounty platform that the DoD selected for the pilot.
“Collaboration and transparency with external finders has become essential to securing connected software on the Internet,” said Mickos in a press release.
“Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most powerful organizations, but also signals deeply promising progress for all of software security.”
Uber, the U.S. taxi app, recently launched its own bug bounty program, offering hackers up to $10,000 to find flaws in its security.
“Even with a team of highly qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, chief security officer at Uber, said in a blog post.
“This bug bounty program will help ensure that our code is as secure as possible.”
Interested hackers may register for the pilot on HackerOne.
—Additional reporting by CNBC’s Arjun Kharpal.