DoD Bug Bounty - Registration Activated 18th April - 16th May 2016

Today at night the new bug bounty page of the Department of Defense became online. About some weeks ago the Department of Defense announced to startup a bug bounty program for individuals and us citizens in apil 2016. In the new information letter the DoD announced how to participate in the official bug bounty program.

A registration formular with tax details (hellosign & w8ben) is required to participate for all individuals and companies in the official bug bounty program of the DoD. A separate approval will managed by the DoDs Law Enforcement Agency to deny access for people that are not trusted at all or criminals. Secrecy, liability, trust, approval and experience are required to successfully get accepted at the end by the official of the program.

The new date for the program startup is the 18th April 2016. The new program runs till the 16th May 2016, after that no more reports are accepted to the pilot program of the pentagon. Researchers that do register to the official government program should know about that all there credentials are approved and reviewed manually by the program owners (Department of Defense - USA). The program does offer commercial rewards to red teams and bug bounty hunters that hit the scope.

Rewards & Budget (150.000 USD)

The first pot that is reserved by the department of defense offers a budget count of 150.000$ to bug bounty hunters. The payments are pending with the severity and priority of the reported vulnerability. The program had a first budget reserved as pilot program to review the usability of such a program to the government.

The vulnerability laboratory core research team was informed about to attend as the first German team to the official "Hack the Pentagon" program. In 2009/2010 Pim J.F.P. Campers and Benjamin Kunz Mejri discovered several remote vulnerabilities in the main services of the pentagon and department of defense, acknowledged with US-CERT ID VU#660212. Since 2 days the evolution security gmbh owns a new bug bounty program service with engine for different governments that becomes available to monday.

Reference(s):

http://magazine.vulnerability-db.com/?q=articles/2016/03/02/hack-pentagon-cybersecurity-initiative-pentagon-homeland-security

https://www.defense.gov/News/News-Releases/News-Release-View/Article/684106/statement-by-pentagon-press-secretary-peter-cook-on-dods-hack-the-pentagon-cybe

http://www.defense.gov/News-Article-View/Article/710033/hack-the-pentagon-pilot-program-opens-for-registration

https://twitter.com/DeptofDefense