Usually you will be into trouble if you get to hack into any military cyber security , but now the US Military is allowing hackers a chance to point out vulnerabilities in their online systems. The permission is granted through a military-wide applicable, a newly designed policy.
This new policy by the US Department of Defense has given green signal to hackers for testing their cyber skills, weapons and tools against any web-based property. The flip side is that only the web property that is owned and operated by the Defense Department is allowed to be exploited.
According to US Military researchers are required to “discover, test, and submit vulnerabilities or indicators of vulnerabilities” in accordance with the department’s guidelines and ground rules, which are as follows:
- Testing the system for identification or indication of a vulnerability
- Test after receiving information from the department regarding a vulnerability or identify and share vulnerability or indicator of vulnerability with the department
There is a particular set of Ten rules that the department wishes the researchers to abide by which can be read on the policy page. The announcement was was made public through Hackerone.com- a platform that helps organizations in managing and developing policies related to vulnerabilities and helps clients develop bug bounty programs to give rewards to researchers for identifying security flaws.
“Today the U.S. Department of Defense announced the DoD’s new Vulnerability Disclosure Policy (VDP) — outlining a legal avenue for any hacker to disclose vulnerabilities in any DoD public-facing systems”, read the announcement.