Podcast: How to hack the Pentagon
Bug bounty programs are a big part of the Pentagon’s push to solve complex IT problems.
But starting programs that allow vetted outside security researchers to search for software flaws was not easy in the bureaucratic and failure-averse institution, say Chris Lynch, the director of the Defense Digital Service, and Lisa Wiswell, the group’s digital security lead.
On the latest episode of The Cybersecurity Podcast, Mr. Lynch said his team went so far as to schedule meetings in conference rooms to which "naysayers" did not have access.
"One of the strategies we had to resort to was literally physically getting some people out of the meetings that we had, because they were so disruptive," Mr. Lynch tells podcast cohosts New America's Peter W. Singer and Passcode's Sara Sorcher.
"They were worried about their own careers, right?" he continued. "There's a belief in the Department of Defense that comes from the idea that failure is not an option, so when you do a bug bounty, if [researchers] find vulnerabilities, that's considered a failure. That's the wrong way to think about it." After all, you can't fix software flaws if you can't find them.
Check out the podcast on: iTunes | Soundcloud | Stitcher
HackerOne is the world's number one bug bounty and vulnerability disclosure platform, connecting organizations with the largest community of creative, white hat hackers, resolving in excess of 40,000 vulnerabilities and awarding more than $14 million in bug bounties. Over 700 organizations including the U.S. Department of Defense, Uber, and Starbucks trust HackerOne to find critical software vulnerabilities before criminals can exploit them.
HackerOne is proud to sponsor The Cybersecurity Podcast.
