The Pentagon Opened Up to Hackers—And Fixed Thousands of Bugs
The United States government doesn't get along with hackers. That's just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law. In the last 18 months, though, a new Department of Defense project called "Hack the Pentagon" has offered real glimmers of hope that these prejudices could change.
The government's longstanding defensive posture makes some sense in theory—it has important secrets to keep—but in practice security experts have long criticized the stance as a fundamental misunderstanding of how cybersecurity works. The inability of researchers and concerned citizens to disclose vulnerabilities they find inevitably makes the government (or any institution) less secure. So in the wake of numerous government agency breaches, including the devastating Office of Personnel Management hack, DoD's Defense Digital Services group, the Office of the Secretary of Defense Cyber Policy group, and then-Defense Secretary Ash Carter saw a possible opportunity to spur change by introducing the DoD to bug bounties—programs that offer cash rewards to independent hackers who find and disclose software bugs.