On Friday, Defense Secretary Ash Carter reported that hackers invited by the US government, as part of a pilot program to find flaws in five Pentagon websites, discovered 138 security vulnerabilities.
According to the Defense Department, the event “Hack the Pentagon”, which was the first “bug bounty” in the history of the federal government, attracted 1,410 computer-savvy Americans. The program cost $150,000, with about half of that going to hackers.
“It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,” Ash Carter explained during a short ceremony at the Pentagon. “Beyond the security fixes we’ve made, we’ve built stronger bridges to innovative citizens who want to make a difference to our defense mission.”
The hackers were invited to find flaws with five public websites, including defense.gov, between April 18 and May 12. During that period, the hackers reported 1,189 vulnerabilities, with 138 of them determined to be “legitimate, unique and eligible for a bounty.”
David Dworken, an 18-year-old high school graduate from the Washington area who appeared at the Pentagon ceremony together with Ash Carter, said that he worked on finding bugs in his spare time. Dworken also explained that he has been participating in bug bounty programs since he was in the 10th grade, and was planning to study computer science in college.
Despite the fact that David Dworken didn’t reap any financial awards and the flaws he found had already been reported by others, he said that participating in the program was “incredibly rewarding” in terms of networking.
“I’m just in high school. And I have recruiters contact me about internships over the summer,” Dworken stated.