On Thursday, the US Department of Defense announced the launch of a pilot bug-bounty program for DOD's public-facing websites. Called "Hack the Pentagon," the bounty program will be managed by HackerOne, the disclosure-as-a-service company founded by Alex Rice and Michiel Prins.
Since Hack the Pentagon is a pilot, its budget and duration are fairly modest by DOD standards. The Pentagon has budgeted $150,000 for the month-long bug hunt, which will begin on Monday, April 18 and end by Thursday, May 12. Payouts for accepted bugs will come from HackerOne and will be doled out by June 10.
Pentagon press secretary Peter Cook did not specify which DOD sites would be considered fair game for Hack the Pentagon. "The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches," he said. "Critical, mission-facing computer systems will not be involved in the program."