DDS is the Directorate for Digital Services in the Chief Digital and Artificial Intelligence Office (CDAO) in the Office of the Secretary of Defense at the Department of DefensE.

DDS runs Bug Bounties for the Department of Defense.

A Bug Bounty is a time-boxed assessment where monetary rewards are given to security researchers/ethical hackers in exchange for reporting bugs or vulnerabilities in systems. Some of our past DoD business partners/asset owners have included the U.S. Army, U.S. Navy, U.S. Air Force, U.S. Marine Corps, DoD agencies and offices, and the Pentagon itself.

Our DoD business partners/asset owners choose us because we increase their resistance to attack by mobilizing or tapping into the world’s top security researchers to identify vulnerabilities on their behalf.

We Test DoD Websites, Apps, Public Facing Assets, And More

3 Things To Know For The DoD

A Bug Bounty is a highly coordinated and secured competition where ethical hackers are awarded monetary compensation for successfully discovering and reporting vulnerabilities through pre-established channels.

Learn more about current policy regarding Bug Bounties:

Learn More

Bug Bounties are a rapid and more cost-efficient way for DoD to identify and remediate unknown vulnerabilities before the adversary can exploit them.

Bug Bounties are invitations to security researchers to hack specific systems within published rules of engagement whose findings are incentivized with financial award.

In a Vulnerability Disclosure Program (VDP), researchers report vulnerabilities on the honor system. Findings are acknowledged but there is no financial award.

Visit The VDP

Why Run A Bug Bounty With DDS?

We facilitate procurement, project management, & platform management for reporting

Our programs are cost efficient with a proven history of ROI

We offer flexibility in testing scale and a diversity of researchers

Our Bug Bounties generate real and actionable results for reporting and remediation

Bug Bounty By The Numbers

Based On The Average Of 40+ Bounties

Average Bug Bounty Cost:

‍$300K

Average Vulnerability Count:

38

Critical=11 High=23 Medium=4

Hack The Pentagon To Date

40+ Bug Bounties Run

We have run both private (hand-selected, cleared security researchers) and public (open to a wider and global security researcher community) bounties with the U.S. Army, U.S. Navy, U.S. Air Force, U.S. Marine Corps, DoD agencies and offices, and the Pentagon itself.

1400+ Security Researchers Sourced

Also known as “white hats” or ethical hackers, security researchers are security experts that proactively perform assessments designed to find vulnerabilities and improve your organization’s security.

2100+ Vulnerabilities Found

Since 2016, Hack the Pentagon bounties have repeatedly tested DoD assets as an adversary would.

Average Bounty Vulnerability Count: 38
→ Critical = 11
→ High = 23
→ Medium= 4

What People Are Saying

Dr. Craig Martell
Chief Digital and
Artificial Intelligence Officer
“The website helps equip DoD to run continuous bug bounties as part of a  comprehensive cybersecurity strategy.”
Dr. Craig Martell
Chief Digital and
Artificial Intelligence Officer
“With the HtP website launch, CDAO is scaling a long running program, which historically offered services on a project-by-project basis, by offering the Department better access to lessons learned and best practices for hosting bug bounties."
Ash Carter
Former
Secretary of Defense
“When it comes to information and technology, the defense establishment usually relies on closed systems. But the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters."
Eric Fanning
Former
Secretary of the Army
“What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security, but lack a legal avenue to do so."
Ash Carter
Former
Secretary of Defense
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."
Contact The VDP
View The 1 Pager
Learn More
Start A Bounty

Have A Question Before Getting Started?

Fill out the form below and we will get back to you as soon as possible.
All fields below are required. Do not submit any classified, CUI, or otherwise sensitive information.
Submitted! We will review and get back to you as soon as possible.
Oops! Something went wrong while submitting the form.