Under most circumstances, poking into Department of Defense networks is grounds for a long jail stint or, more recently, a rise in international tensions. But now the military is seeking out those who want to break in, and offering bounties to those that find vulnerabilities.
A statement from the DOD said that this was the federal government's first bug bounty, though they've become increasingly common in the public sector. And, unsurprisingly, there are a lot of rules for those who want to engage in a little friendly cyberfire: It kicks off April 18 and ends by May 12, but be careful where you prod even then.
“The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches,” Pentagon Press Secretary Peter Cook said in the statment. “Critical, mission-facing computer systems will not be involved in the program.”
The program is being run by HackerOne, a California-based startup that has run similar competitions for corporate customers. Payouts for vulnerabilities weren't precisely defined, but the DoD said that cash prizes would be paid out of the program's $150,000 budget.
No word if other agencies that might have some vulnerabilities up their sleaves already are eligible for prizes.