WASHINGTON — The Pentagon expects to pay out rewards to individuals who successfully hacked department websites under a new program by the end of the month.
The payouts, part of the Hack the Pentagon initiative, will go out to around 90 individuals and could reach as high as $15,000.
The program represents the first time a government agency has launched a "bug bounty" competition, where verified hackers were asked to attack specific DoD websites in order to find vulnerabilities in exchange for cash prizes. These type of competitions are considered a common setup for the private sector, particularly in Silicon Valley.
Defense Secretary Ash Carter announced the program March 2, and it formally commenced March 31. The competition ended last week, and the Pentagon is assessing the results, according to spokesman Mark Wright.
In total, 1,410 individuals took part in the competition, significantly more than the 500 the Pentagon expected. "About 90" individual vulnerabilities were found, Wright said.
Payouts are on a first-come, first-served basis, which requires Pentagon officials sort through the reports to try to make sure that if two hackers reported the same vulnerability, the first person to report it is rewarded.
The size of the reward varies from $100 to $15,000, depending on the type of vulnerability discovered and how far the hacker was able to exploit it.
Officials have previously indicated that if the program was successful, another round could be launched on a different set of websites. Wright indicated that option remains possible, saying "we've talked about doing more if it is successful" and noting that the results "look really positive."
Aaron Mehta was deputy editor and senior Pentagon correspondent for Defense News, covering policy, strategy and acquisition at the highest levels of the Defense Department and its international partners.