❝ High-tech hackers brought in by the Pentagon to breach Defense Department websites were able to burrow in and find 138 different security gaps…
The so-called white-hat hackers were turned loose on five public Pentagon internet pages and were offered various bounties if they could find unique vulnerabilities. The Pentagon says 1,410 hackers participated in the challenge and the first gap was identified just 13 minutes after the hunt began.
Overall, they found 1,189 vulnerabilities, but a review by the Pentagon determined that only 138 were valid and unique.
❝ The experiment cost $150,000. Of that, about half was paid out to the hackers as bounties, including one who received the maximum prize of $15,000 for submitting a number of security gaps. Others received varying amounts, to as low as $100.
“These are ones we weren’t aware of, and now we have the opportunity to fix them. And again, it’s a lot better than either hiring somebody to do that for you, or finding out the hard way,” said Defense Secretary Ash Carter…
❝ Called “Hack the Pentagon,” the program will be followed by a series of initiatives, including a process that will allow anyone who finds a security gap in Defense Department systems to report it without fear of prosecution. The department will also expand the bounty program to the military services and encourage contractors to allow similar scrutiny.
Which is why beta-testing is always needed. No matter the skill of code-designers, software engineers, product has to be opened to testing in a wider arena than anything available in-house. And, then – pay attention to what happens after that.
Always something to be discovered. Hopefully, by someone wearing a white hat.