The Pentagon has a bug bounty problem that can best be summed up with: the Pentagon is cheap.
Bug bounties are monetary incentives companies and organizations pay out to ethical hackers that discover and report vulnerabilities before they can be exploited. The Pentagon has its own bug bounty program, but it doesn’t pay out very much.
According to The Register, at its recent Hack US program, conducted in conjunction with HackerOne, the Pentagon only paid out $75,000 in bounties and an additional $35,000 in bonuses and awards. The Pentagon committed to paying $1,000 for critical bugs, with $5,000 being the highest possible reward.
Compared to the bounties tech companies pay, the Pentagon’s bug bounty budget is downright anemic. As The Register points out, Microsoft has paid out as much as $200,000 for a single bounty.
Given the sensitive nature of the information the Pentagon protects, not to mention how much it can afford to pay on physical equipment, one would think it would loosen the purse strings a bit.