The Department of Defense is now taking applications for Hack the Pentagon, the US government's first-ever commercial bug bounty program. To qualify, hackers must be authorized to work in the US, must not be on the Treasury Department's Specially Designated Nationals list of people and organizations engaged in terrorism and/or drug trafficking, and must not be residing in a country currently subject to US trade sanctions. Those who submit valid bug reports will be subject to a further criminal background check to "ensure taxpayer dollars are spent wisely," according to a DoD announcement.
The Hack the Pentagon program will run from April 18 through May 12 and is being offered in coordination with HackerOne, the centralized bug bounty platform launched in 2012 that serves corporations including but not limited to Airbnb, Adobe, and Twitter. The DoD isn't saying exactly how much it will be paying out per bug, only that the bounties will be drawn from the program's $150,000 budget. Exact payments will depend on "a number of factors."
Bug bounties are an increasingly popular security or security augmentation strategy in which "hackers" (software engineers, developers, coders, whatever) are invited to root out not just security-themed bugs, but bugs in general. Pretty much every tech giant has a bounty program and, for a while, Facebook even had a special "white hat" debit card it handed out to researchers who successfully hunted down and reported vulnerabilities.
"The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches," Pentagon Press Secretary Peter Cook said in the announcement. "Critical, mission-facing computer systems will not be involved in the program."
Interested parties are invited to register here.