Following the success of their Hack the Pentagon project, the US Department of Defense is to extend the project across its network.
Run over four weeks earlier this year, the pilot program reportedly generated 138 unique bug reports and paid out $71,200 to hackers.
The company running the pilot, HackerOne, is one of a group of companies organising bounty hunts for the hacking community.
Casey Ellis, the CEO of competing service Bugcrowd, describes his business as being “essentially a community of thirty thousand hackers from around the world.”
“The whole idea is to identify where the vulnerabilities are discovered and fixed before the bad guys,” he says. “Your guys who you are paying by the hour are plenty smart, but they are competing with a crowd of bad guys who think creatively.”
Ellis explained how services like Bugcrowd allow clients like the US Department of Defense to manage the risk and administrative aspects of running a security competition, making it easier for large organisations to run crowdsourced projects like this.
Much has been written about crowdsourcing, but it is in commercial fields like security testing that tapping the wisdom of the community really pays off. For some consulting firms, these services could turn out to be real competitive threats.