An official website of the United States government. Here's how you know ⇣

For Security Researchers

Independent security researchers, aka white hat hackers, are the heart of the Hack the Pentagon program. We welcome your engagement in our bug bounties by working through our vendor partners.

Below you will find further information on DoD policy, working with our vendors*, and submitting an issue through the VDP program.

*DDS/CDAO do not have any involvement in this process

DoD Policy On Bug Bounties

We use reports submitted by security researchers exclusively to find and remediate vulnerabilities to improve the defense of DoD networks and applications.

See Policy

How Do I Get Involved?

How To Get Started As A Researcher

Work With Our Vendors
We are excited that you would like to partner with us. The best way to get started is to sign-up with a vendor in the crowdsourced vulnerability area.* Some US vendors** we work with include:
*DDS/CDAO do not have any involvement in this process, researchers work directly with our vendors

**Vendor listings may change at any time and do not reflect endorsement by the Department of Defense or the United States Government

How To Submit A Vulnerability Outside The HTP Program

The DoD Has It's Own Vulnerability Disclosure Program (VDP) Via DC3

Please Report Here
The DoD’s Defense Cyber Crime Center (DC3) operates the Vulnerability Disclosure Program. Use the button below to submit an issue to the DC3 VDP.*
*DDS/CDAO do not have any involvement in this process
Report Here

For DoD Partners

For Vendors

For Security Researchers

In The Press

About Us

DoD Policy

The Bounty Playbook

Start A Bounty

About The DoD

FOIA

Information Quality

No FEAR Act

Open Govt.

Plain Writing Act

USA.gov

Privacy Program