Defense Digital Service Announced the Launch of DDS’s 11th Bug Bounty Program with HackerOne

HackerOne | January 07, 2021

The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS's 11th bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.

Bug bounty programs, like Hack the Army 3.0, incentivize security research and reporting of real-world security vulnerabilities in exchange for monetary rewards for qualified vulnerabilities and participants. These programs are an industry best practice used by the most mature organizations across the world. By disclosing vulnerabilities to security teams, civilian and military hackers will help the U.S. Army secure digital assets and defend against cyberattacks. Hack the Army is one example of the Army and DoD's willingness to pursue innovative and nontraditional approaches to ensure the capability and security of people, networks, and data.

"Bug bounty programs are a unique and effective 'force multiplier' for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals," said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. "By 'crowdsourcing' solutions with the help of the world's best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs."

“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities,” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”

Participation in the Hack the Army 3.0 bug bounty challenge is open by invitation only to civilian hackers and active U.S. military members. Bug bounties may be offered to civilian hackers for valid security vulnerabilities according to the program policy. Military and contractor personnel are not eligible to receive financial rewards.

“We are living in a different world today than even just a year ago,” said Marten Mickos, CEO of HackerOne. “Amidst disinformation and a global health crisis, citizens are increasingly wary of how, when, and where their information is used. For years, the U.S. Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the U.S. Army is leading the charge with this latest challenge.”

DDS has been a pioneer in hacker-powered security testing since the launch of "Hack the Pentagon" in 2016. DDS's Hack the Pentagon team has executed 14 public bounties on external-facing websites and applications, and ten private bounties on a range of sensitive, internal systems in the U.S. Department of Defense (DoD). Examples of past private bounties include logistics systems, physical hardware, and personnel systems.

In partnership with DDS, HackerOne has launched more federal programs than any other hacker-powered security provider and is the only bug bounty platform that is FedRAMP authorized. Previous bug bounty challenges and results include: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Army 2.0, Hack the Air Force 3.0, Hack the Air Force 4.0, Hack the Proxy and Hack the Marine Corps. DDS also launched a Vulnerability Disclosure Program (VDP) for the DoD in 2016, which is now one of the most successful programs of its kind with hackers reporting over 20,000 security vulnerabilities to date. Hackers who become aware of any vulnerabilities can safely disclose them to the DoD at any time through this ongoing VDP with HackerOne.

About HackerOne

HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.

About Defense Digital Service

The Defense Digital Service was established by the U.S. Secretary of Defense in November 2015 as a SWAT team of nerds that provides the best in modern technical knowledge designed to bolster national defense. We are primarily based in the Pentagon, but we also have satellite offices in Augusta, Georgia and co-located at the Defense Innovation Unit in Mountain View, California. Our range of talent includes world-class software developers, designers, product managers, digital experts and bureaucracy hackers from both the private sector and within government.



Related News


Skyhigh Secure Web Gateway Is Now Authorized by FedRAMP

Skyhigh Security | February 15, 2023

On February 14, 2023, Skyhigh, a Security Service Edge Leader, announced that its Skyhigh Secure Web Gateway has achieved Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization. Federal government agencies and government contractors are increasingly adopting cloud technologies to enhance efficiency, promote agility, and reduce costs. The FedRAMP Authorization enables these organizations to implement Skyhigh SWG, a component of the Skyhigh Security Service Edge (SSE) portfolio, to provide continuous, secure access for users anywhere, shield vital government data, and protect against today's advanced threats.

The U.S. government program, FedRAMP, evaluates cloud security vendors based on a standardized security framework for cloud products and services and focuses on protecting sensitive federal data in the cloud. Its process demonstrates the Skyhigh SWG solution has been assessed and approved by the C-level security officers from the Department of Defense (DoD), the General Services Administration and the Department of Homeland Security.

Skyhigh SWG enables authorized government users to connect securely to the cloud and web from anywhere and on any device. It prevents threats from entering an environment and sensitive data from leaving by monitoring inline traffic and acting as a gateway between users, websites, applications, and data. Multiple integrated technologies, such as Remote Browser Isolation (RBI), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP), are used by Skyhigh SWG to protect federal agencies from potentially malicious or unauthorized websites and cloud applications.

The Skyhigh SSE portfolio safeguards data and prevents threats in the cloud through all Software-as-a-Service applications, Shadow IT, and Infrastructure-as-a-Service environments from a single, cloud-native enforcement point. It gives organizations control and visibility of their data in the cloud, irrespective of where it resides. It offers a DLP engine with a single user-friendly centralized management and reporting dashboard, a single policy framework through all data exfiltration vectors, and multi-layered security technologies to protect all possible use cases in the federal government environment.

About Skyhigh Security

Skyhigh Security, headquartered in San Jose, California, is committed to assisting clients in securing the world's data. It protects organizations with data-aware and user-friendly cloud-native security solutions. Its industry-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, enabling organizations to collaborate securely from any device and location. It allows organizations to gain complete visibility and control and to monitor and mitigate security risks seamlessly, thereby reducing associated costs, enhancing efficiencies, and keeping up with the pace of innovation.



Snyk Achieves FedRAMP’s “In Process” Authorization

Snyk | February 08, 2023

On February 07, 2023, Snyk, a computer and network security company, announced "In Process" authorization from FedRAMP, i.e., the Federal Risk and Authorization Management Program marketplace, which will work towards developer security needs. Currently working under the sponsorship of the Centers for Medicare and Medicaid Services (CMS), it will get the support of federal, local, and state governments, as well as educational institutes with whom it has previously worked because of government compliance requirements.

The authorization represents its support to organizations in the public sector for secured digital transformation. Government leaders, just as organizations do in the private sector, ensure the best technological innovation, cybersecurity remedies, and software developer productivity across their agencies. The departments of U.S. federal governments and agencies with FedRAMP Moderate Impact authorization will have direct access to Snyk's security solutions for strengthening proprietary code protection, detecting security issues, open-source dependencies, cloud infrastructure, and container images.

It offers security for JavaScript, containers, Kubernetes, applications, open source, cloud, SDLC, coding, and Python with security checkers. Many industry-leading applications and security intelligence support it to add security expertise to almost every developer's toolkit.

CEO of Snyk, Peter McKay, said, "Our progress towards FedRAMP authorization enables Snyk to help enhance our nation's overall software supply chain security, a vital need outlined in President Biden's recent Executive Order 14028." He added, "We are committed to helping government agencies evolve away from ineffective legacy cybersecurity approaches, allowing them to embrace a modern, developer-centric security mindset and experience the benefits of DevSecOps."

(Source - Globe Newswire)

About Snyk

Snyk, a provider of developer security, empowers developers to build secure applications and digital platforms worldwide. Headquartered in Boston, Massachusetts, it is dedicated to securing all the critical components, from code to the cloud, for enhanced developer productivity, customer satisfaction, revenue growth, improved security posture, and cost savings. Its security platform automatically integrates with developers' workflows and has purpose-built security teams to collaborate with the client's development teams. Many industry leaders like Salesforce, Revolut, New Relic, MongoDB, Intuit, Google, and Asurion, along with more than 2,500 customers worldwide, trust it for cybersecurity.



Unanet ERP GovCon to Offer Streamlined Solution for Planate Management Group

Unanet | March 09, 2023

On March 08, 2023, Unanet, one of the leading providers of project-based ERP and CRM for government contractors, announced that Planate Management Group, the government contracting firm, selected Unanet ERP GovCon to offer a more in-built and streamlined solution for its business processes and to help the company as it scales rapidly.

A service-disabled veteran-owned small business (SDVOSB), Planate is headquartered in Alexandria, Virginia, with a workforce of more than 200 people. It specializes in master planning and facility, architecture and engineering support, engineering design, and environmental services for DoD, federal, and industry clients in over 20 countries globally. The management group is expecting significant growth both domestically and internationally in 2023. As a result, company leaders determined it was time to abandon the disparate, off-the-shelf accounting software on which the company relied, as these systems were causing significant project and operational inefficiencies that negatively impacted the bottom line.

Planate selected Unanet's purpose-built platform for government contractors for its ERP solutions requirements. Planate chose Unanet's platform based on the positive ratings from other GovCon users and its strong customer service and training track record. As a result, Planate will replace its patchwork of non-integrated tools for time entry, accounting, and project management with Unanet, a modern platform where these and other capabilities are fully integrated and work together effortlessly.

According to Unanet's recent Gauge Report, which highlights trends, best practices, and business challenges in the government contracting industry, approximately 30% of GovCon small businesses cite organic growth as the leading cause of their financial challenges.

About Unanet

Unanet is a leading ERP and CRM solution provider for government contractors, AEC, and professional services. The company is based in Dulles (Virginia). Over 3200 project-driven organizations rely on Unanet to help them with information and actionable insights to make better decisions and boost the business, including Haskell, Array, NewFields and many more. It offers all support with its people-centered team, which works towards the success of clients' projects, people, and finances. Its products include Unanet ERP GovCon, ERP AE, CRM GovCon, and CRM by Cosential.
