Cold hard cash is a strong motivator for many people and the Department of Defense is hoping that hackers are no exception.  In March, DoD announced the upcoming launch this spring of a bug bounty program, modeled after those popular in the private sector.  The press release announcing the program was short on details and long on patriotic hype, but this first-of-its-kind program in the public sector seeks to take an approach that has already proven successful in private industry.

Whether organizations like it or not, hackers will probe their systems seeking out weaknesses in servers and applications that may be exploited for a variety of reasons.  Some of these individuals merely seek the intellectual challenge of identifying vulnerabilities and then leverage their discoveries to gain notoriety within the hacking community.  Bug bounty programs seek to redirect these individuals to disclose their discoveries directly to the company, rather than to the general public, typically in exchange for some form of compensation.  The goal is to harness the intellectual horsepower and work ethic of hackers and use it in the service of improving security.

Read the full article: Defense Department Puts Bounty on Bugs

Published April 12, 2016 in Certification Magazine