- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
- Samsung's new flagship laptop rivals the MacBook Pro, and it's not just because of the display
- Email marketing is back and big social is panicking - everything you need to know
US to Launch Third Iteration of ‘Hack the Pentagon’ Bug Bounty Program
The US Department of Defense (DoD) has confirmed it will soon launch the third part of its ‘Hack the Pentagon’ bug bounty program, first unveiled in 2016.
According to a dedicated page on the Sam.Gov website, the initiative will rely on cybersecurity researchers to find vulnerabilities in the government’s Facility Related Controls System (FRCS) network.
“The Contractor shall provide all labor, material, equipment, hardware, software and training required to assess the current cybersecurity posture of the FRCS Network, identify weaknesses and vulnerabilities, and provide recommendations to improve and strengthen the overall security posture,” reads a draft of the performance work statement (PWS) of the Hack the Pentagon 3.0 program.
The FRCS infrastructure includes systems used to monitor systems related to real property facilities like fire and safety systems, heating, ventilation, and air conditioning (HVAC), utilities, and physical security systems, among others.
“DoD has identified an emerging need to leverage a diverse pool of innovative information security researchers […] via crowdsourcing, for vulnerability discovery, coordination and disclosure activities,” the draft explains.
The document also clarifies that the critical bounty program will only involve “unclassified Information Systems and operational technology contained within the Pentagon FRCS Network.”
“These are sensitive Government assets; therefore, the Contractor will be required to leverage a private community of skilled and trusted researchers, which may be limited to US persons only, with eligibility criteria established by the DoD,” the draft explains.
Additionally, the draft is calling for researchers to be diverse in skillset and able to conduct source code analysis, reverse engineering and network and system exploitation.
“The bounty execution or ‘challenge phase’ itself is expected to last no more than 72 hours in person. Access to assets and asset owners will be provided to the Contractor upon Contract award.”
The third installment of the Hack the Pentagon bug bounty program comes almost four years after the second one, which was unveiled in April 2018.
