“In yet another contract allowing outside hackers to test systems for vulnerabilities, the Department of Defense is opening the doors to more sensitive systems. In the past the bug bounties, as they’re known, focused on public-facing DoD websites. They allow vetted hackers to search for vulnerabilities for cash payouts that will later be fixed. This time, vulnerability disclosure company HackerOne, which has run the various Pentagon bug bounties to date, will ‘run bug bounties on a broader range of assets such as hardware and physical systems,’ a release by the company said. Declining to offer specifics on these systems, HackerOne CEO Marten Mickos told Fifth Domain that the contract will focus on DoD systems that are more critical and maybe more sensitive.”
Source: DoD bug bounty program to expand to more sensitive systems