After the Department of Defense lauded the success of the Hack the Pentagon bug bounty program, it seemed only a matter of time before other departments got in on the action.

While the Army announced Friday that it will be following the Pentagon's lead, the IRS on Tuesday became the first civilian agency to launch a bug bounty program.

Partnering with bounty facilitator Synack — who recently signed on to manage the second phase of the Pentagon's program — the tax collection agency will allow a select group of vetted white hat hackers to test its systems for weaknesses.

While the hacker pool won't be completely open, Synack uses a stable of freelance testers and white hats from across the globe to get a diverse sampling. Those people are vetted through the company's trust framework before being unleashed for the hunt.

Those hackers can expect to pull in between a few hundred dollars and $25,000 for each vulnerability they find, depending on criticality.

The $2 million contract with Synack will run through September 2017.

"We are excited to see vital government bodies, like the IRS and DoD, move even more quickly than many enterprises to implement our innovative crowdsourced security approach," Synack CEO Jay Kaplan said. "As attackers and threats become savvier, the federal agencies are recognizing that advanced security is paramount; we're rolling out our Synack Government solution to protect some of the most sensitive transactional data and mission-critical IT assets in the country."

Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
