Happy One-Year Anniversary
In November 2016, the Pentagon and Synack launched the Defense Department’s first private bug bounty program.
The Hack the Pentagon program is pioneering a crowdsourced approach to securing the government’s digital assets. The DoD engaged Synack to lead this new initiative and provide real security where traditional methods have fallen short. This private, government-grade bug bounty and vulnerability disclosure program discovers and helps remediate critical vulnerabilities in the DoD’s sensitive internal systems before the adversary can attack.
Agencies use Synack to test their high-value assets that cannot afford to be hacked. Customers trust Synack to provide an adversarial perspective on their systems’ security that will uncover unknown vulnerability risk.
What our customers say:
“If there’s any element when you don’t have trust in that [system] pipeline, that undermines a lot of how the department works.”
Synack provides “a private community of skilled and trusted researchers, diverse in skillset, and able to conduct both deep binary hacking, web-based attacks, reverse engineering, and network and system exploitation.”
—Department of Defense
We recruit the top 10% of ethical hackers from around the world
We find 33% more severe vulnerabilities than other methods, usually in less than 24 hours
We offer 53% higher ROI than a traditional pen test, with a >95% signal-to-noise ratio
Synack's private, government-grade bug bounty launched a series of firsts
First time DoD has partnered with a private, vetted crowd of hackers
First time the DoD invited ethical hackers in to test sensitive internal systems
First time the DoD was able to receive security analytics and begin remediating in real time
Expected Impact of Findings: Low
Actual Impact of Findings: Critical—Discovered critical unknown vulnerabilities left undetected by traditional solutions
Expected Time to Find a Critical Vulnerability: 1 week
Actual Time to Find a Critical Vulnerability: 4 hours—Enabled rapid action and remediation through triaging and reporting in real time
Expected # of Vulnerabilities Discovered: Few
Actual # of Vulnerabilities Discovered: Dozens—Eliminated security team burden and maximized DoD efficiency by reproducing, validating, and prioritizing all vulnerabilities
“The professionalism of Synack and the partnership we have built during this program have provided immense value.” —Department of Defense Customer
Pentagon Hires Hackers to Target Sensitive Internal Systems
Why the Pentagon wants people to hack it
Hack the Pentagon: Critical Systems Results Revealed
Learn more about Synack Government or contact government@synack.com