Groundbreaking Bug Bounty Program Is Back


Can you hack the Pentagon for good? If so, this is your chance to participate in Hack the Pentagon 3.0, the third chapter of the program, backed by the government of the United States.

The U.S. Department of Defense (DOD) has announced the third iteration of its “Hack the Pentagon” bug bounty program, which was first launched in 2016.

The initiative allows cybersecurity researchers to find vulnerabilities in the government’s Facility Related Controls System (FRCS) network, which is used to monitor and control equipment and systems related to real property facilities. These include heating, ventilation, and air conditioning (HVAC), utility, physical security systems, and fire and safety systems.

The performance work statement (PWS) for the Hack the Pentagon 3.0 program on the SAM.gov website states, “The overall objective is to obtain support from a pool of innovative information security researchers via crowdsourcing for vulnerability discovery, coordination and disclosure activities and to assess the current cybersecurity posture of the FRCS network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture.”

The Department of Defense is searching for skilled and trusted researchers from private organizations who have a diverse skill set and are able to perform source code analysis, reverse engineering, and network and system analysis exploitation.

“The contractor shall provide all labour, material, equipment, hardware, software and training required to assess the current cybersecurity posture of the FRCS Network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture,” reads the draft.

However, the draft also clarifies that the 72-hour in-person critical bounty program will be limited to the “unclassified Information Systems and operational technology continued within the Pentagon FRCS Network.”


