
U.S. military invites vetted experts to 'Hack the Pentagon' - stephenhuey
http://www.reuters.com/article/us-usa-cyber-pentagon-idUSKCN0W40H8
======
nanocyber
What could possibly go wrong? :D

I do think this is an interesting effort, and I've met Chris Lynch in his DDS
capacity. It's terribly interesting to see a Senior Executive government
employee with Silicon Valley cred, who wears hoodies/jeans/sneakers to meet
Admirals and Generals, who are (in terms of rank equivalency) his peers.
Literally the first time I've seen someone knuckle-bump an Admiral rather than
shake his hand after a meeting.

I think there is some value in this culture-clash/disruption, but I also know
of some government-employed very skillful hackers who resent the assumption
that non-government hackers are by default more skillful than them.

~~~
lynchseattle
_fist bump_

~~~
nanocyber
LoLs! I stand corrected! :)

------
nickpsecurity
I'm going for firmware and processor errata if they let me in on this. Their
failure will be so expensive that I'll finally have the numbers to justify
either semi-custom work from Intel/AMD for legacy or a multi-core, secure
RISC-V. :)

------
TACIXAT
Is there any info on where to sign up?

Edit: From the press release:

The pilot program will launch in April and the department will provide more
details on requirements for participation and other ground rules in the coming
weeks.

[http://www.defense.gov/News/News-Releases/News-Release-View/...](http://www.defense.gov/News/News-Releases/News-Release-View/Article/684106/statement-by-pentagon-press-secretary-peter-cook-on-dods-hack-the-pentagon-cybe)

------
tantalor
From the "what, they weren't doing that already?" department.

~~~
starshadowx2
They had their own internal groups, but this is now open to external
pentesters.

~~~
hanniabu
Pentesters, I like the term. Clever combination.

~~~
na85
Works better than Testagons.

~~~
pvaldes
"Testagons" is even better, a jewel. Testa (= Head) + Gone

This is a word that wants to be discovered. Practical example: "Hi, we call
from the medicus mundi hospital, some of your damned testagons are bombing us
again". Pure gold for journalists.

------
mtgx
How about "Hack the OPM"? Let's start with the easy stuff first.

------
dj-wonk
> Details and rules were still being worked out but the competition could
> involve monetary awards, the Pentagon said.

What do you all think are some decent choices for details and rules?

~~~
toast0
If you find Tic Tac Toe and Chess, it's OK to play those; if you find Global
Thermonuclear War, it's not OK to play that.

~~~
junto
"The only winning move is not to play."

------
Joof
Soon nearly every Pentagon employee will be social-engineered and compromised.
People will begin to believe that every single system they access is a MITM or
phishing attempt.

~~~
Bluestrike2
Probably better than the alternative, since they'd at least be thinking about
security as something more than an abstract "thing." If that. Then they just
need to take that fear and find a way to funnel it into proper security
education without that fear becoming crippling.

------
oxide
I'm glad this is being implemented and not just considered.

------
dajohnson89
So basically they're crowdsourcing penetration testing.

~~~
alfiedotwtf
That's called "being on the internet"

~~~
fabulist
It's also called bug bounties (see HackerOne, Bugcrowd, Synack).

