Hackers can now report bugs in Defense Dept. websites without fear of prosecution


The Defense Department became the first US government agency to launch a policy enabling researchers to report bugs or flaws they discover in its websites without fear of prosecution. Calling it a “see something, say something” policy for the digital domain, Defense Secretary Ashton B. Carter said the program is aimed at improving the security of the Pentagon’s unclassified, public-facing networks. The Army also opened registration for Hack the Army, a challenge in which researchers and hackers scour Army sites for software flaws and compete for thousands of dollars in bounty rewards. The Army contest explicitly authorizes researchers to try to hack a limited set of Army systems to find weaknesses. Meanwhile, the new policy is aimed at creating a way for hackers or researchers who come across flaws to report them without exposing themselves to criminal liability.

“This is a historic moment for hackers and the U.S. government,” said Katie Moussouris, founder of Luta Security and an adviser to the Pentagon on the new policy. “For the first time since hacking became a felony offense over 30 years ago, the Department of Defense has now opened the doors for ongoing vulnerability disclosure from helpful hackers who want to help secure these systems without fear of legal prosecution.”

