Oct 24, 2018

3 firms to split DOD's $34 million bug bounty program

Cricket in a wastebasket

Photo: Fernando Trabanco Fotografía / Getty Images

The three major crowd-sourced pen testing companies — Bugcrowd, HackerOne and Synack — will split an expansion of the Department of Defense's "Hack the Pentagon" bug bounty program that could be worth up to $34 million.

Why it matters: Bug bounty programs offer incentives, like cash rewards, to third-party researchers to independently search for security flaws and report bugs to manufacturers and organizations so that they can be fixed. The firms are needed because such programs are often not easy to run on the back end and require administrative work to wrangle hackers to participate and filter out incorrect or duplicative reports.

Go deeper