WASHINGTON, June 17, 2016 — Cracking open his laptop between classes as he finished up his senior year in high school, 18-year-old David Dworken was on an important mission for the Pentagon, according to Defense Secretary Ash Carter.
Dworken was among the more than 1,400 hackers invited to take part in the first bug bounty program for the federal government, Carter said today at an event in which he was joined by Dworken and others involved in the “Hack the Pentagon” pilot program.
More than 250 participants submitted at least one vulnerability report, with 138 of those vulnerabilities determined to be “legitimate, unique and eligible for a bounty,” Carter said.
“It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,” Carter said.
The program, according to Carter, is a cost-effective way to supplement and support the people who defend the government’s computer networks. The Defense Department worked with the Silicon Valley-based company HackerOne to fix all the vulnerabilities, Carter said.