Following Election Hacks, DoD Launches Crowdsourced Security Initiative

Following Election Hacks, DoD Launches Crowdsourced Security Initiative with $7 Million in Contracts

Before in the year, the Department of Defense force started a pilot program chosen "Hack the Pentagon." DoD invited vetted hackers to test the security of its websites and networks amongst growing cyber security concerns. Following the news of foreign hackers targeting the election and regime offices, the DoD is taking the initiative fifty-fifty farther. The Department is launching a two-pronged program with HackerOne and Synack for a total of $7 1000000 in contracts.

DoD awards $7 million crowdsourced security contracts to Synack and HackerOne

After inviting white hat hackers to seek vulnerabilities in the Department's 488 websites nether a bug compensation program, DoD is strengthening its security initiatives fifty-fifty farther. The "Crowdsourced Security Initiative" will benefit from oversupply-sourced security intelligence, focusing on the power of security researchers to scour the DoD'south applications, websites and networks for vulnerabilities.

HackerOne will be responsible for public facing properties, while Synack will run mission-critical and sensitive IT assets. Hack the Pentagon was already managed by HackerOne, who volition go along to run bug bounty programs. Synack, on the other mitt, gets a new contract that is designed afterwards private bounty incentive model, where only the highly vetted researchers will focus on the most sensitive IT assets of the DoD.

DoD has joined the "list of forrad-thinking global enterprises, recognizing that the only way they can stay ahead of the over 77,000 annual cyber incidents with which U.S. Federal Government agencies face each year, is to adopt a model that tin can scale to the threats," Jay Kaplan, CEO of Synack wrote. This is the largest government contract ever awarded in this space.

The complete printing release is fastened below.

San Francisco, CA – October 20, 2022 — The U.S. Section of Defense (DoD) announced today it awarded contracts for crowdsourced vulnerability discovery and disclosure programs to HackerOne and Synack. The contracts will enable DoD to create a vehicle for future crowdsourced challenges and advantage the research community to identify and resolve security vulnerabilities inside DoD digital avails. The two-pronged effort in partnership with Synack and HackerOne will harness the power of security researchers to scour the DoD's applications, websites and networks for vulnerabilities.

Later the success of the "Hack the Pentagon"pilot led by Defense Digital Services and managed past HackerOne, the DoD will launch a full scale program to include more public facing properties likewise as mission-critical avails through ii distinct contracts. The first contract, awarded to HackerOne, will permit DoD and HackerOne to run issues bounty challenges similar to Hack the Pentagon to protect public facing avails and domains. The new contract, awarded to Synack, is modeled subsequently a private, managed bounty incentive model utilizing just highly vetted researchers and is focused on the DoD's sensitive IT assets.

The RFP was issued in August 2022. Afterwards completing a thorough and competitive process for each of the contracts, the DoD, moving with a stride more common to a Silicon Valley company, awarded these two contracts in September 2022. The combined contracts are valued at $vii one thousand thousand and are expected to encompass up to 14 challenges and reward hundreds of security researchers.

"As adversaries get more sophisticated and the threat surround continues to evolve, maintaining the highest levels of security has never been more important," said Mark Wright, Spokesman at Office of the Secretary of Defense. "By partnering with these leading crowdsourced security companies, nosotros tin can take a much more innovative, diverse, scalable and constructive approach to better protect and defend our digital assets."

"No government or organization is so powerful that it does not need outside assist identifying security issues. Working with the external hacker community will supplement the crucial cybersecurity piece of work that DoD is doing internally," said Marten Mickos, CEO HackerOne. "Securing our online society is paramount and this puts the U.Southward. federal regime in the forefront."

"This award really marks a turning point in harnessing innovation to secure the nation's most disquisitional avails. We now take one of the largest enterprises conveying some of the earth's most sensitive information embracing Crowd Security Intelligence™," said Jay Kaplan, CEO of Synack. "As attacks become more sophisticated, the DoD is taking a much needed innovative approach to security by harnessing the earth's best security researchers. Over the last two years nosotros have been able to deliver actionable results to our F500/G500 customers. At present information technology's rewarding to be able to deliver those same benefits to the DoD."

HackerOne and Synack are the leaders in the crowdsourced security manufacture and will assistance the DoD to quickly and efficiently launch challenges to aid secure DoD assets and increase adoption of the crowdsourced approach to security. Secretary of Defense, Ash Carter'due south assessment of the initial Hack the Pentagon pilot was that they got higher efficacy and superior results when compared to a more than traditional testing approach.

###

Nigh HackerOne

HackerOne is the world's almost popular problems compensation platform, connecting organizations with the world'south largest community of highly-qualified hackers. More than 600 organizations, including The U.South. Department of Defense, General Motors, Uber, Twitter, GitHub, Kaspersky Lab, Square, Dropbox and the CERT Coordination Heart trust HackerOne to find critical software vulnerabilities before criminals tin exploit them. HackerOne customers have resolved more than 31,000 vulnerabilities and awarded hackers more than than $10,000,000 in issues bounties. HackerOne is headquartered in San Francisco. For more information, delight visit https://hackerone.com.

Nearly Synack

Based in Redwood City, California, Synack is a security company revolutionizing how enterprises view cybersecurity: through a hacker'due south optics. Synack's private, managed crowdsourced security solution arms clients with hundreds of the world'due south most skilled, highly vetted ethical hackers who provide a truly adversarial perspective of clients' Information technology environments. Synack'due south confidential client base of operations is comprised of some of the largest F500/G500 enterprise organizations across banking and fiscal services, healthcare, consumer goods and retail, manufacturing, engineering and the U.S. Federal Government. All engagements are conducted by Synack'due south vetted skilled professionals and are treated with accented privacy. Synack was founded in 2022 by erstwhile NSA security experts Jay Kaplan, CEO, and Dr. Marking Kuhr, CTO. For more information, please visit https://www.synack.com/Government/.