Hack the Pentagon

Synack

Happy One-Year Anniversary

In November 2016, the Pentagon and Synack launched the Defense Department’s first private bug bounty program.

The Program

The Hack the Pentagon program is pioneering a crowdsourced approach to securing the government’s digital assets. The DoD engaged Synack to lead this new initiative and provide real security where traditional methods have fallen short. This private, government-grade bug bounty and vulnerability disclosure program discovers and helps remediate critical vulnerabilities in the DoD’s sensitive internal systems before the adversary can attack.

The Target

Agencies use Synack to test their high-value assets that cannot afford to be hacked. Customers trust Synack to provide an adversarial perspective on their systems’ security that will uncover unknown vulnerability risk.

What our customers say:

“If there’s any element when you don’t have trust in that [system] pipeline, that undermines a lot of how the department works.”

US Army

“If this system were hacked, it could send a tank to the White House.”

US Air Force

“This system provides critical information to military and civilian users—it has to be bulletproof.”

Department of Defense

“This is a large undertaking—this source code has never been opened to ethical hackers before.”

Why Synack?

Synack provides “a private community of skilled and trusted researchers, diverse in skillset, and able to conduct both deep binary hacking, web-based attacks, reverse engineering, and network and system exploitation.”
—Department of Defense

#1 in trust

We recruit the top 10% of ethical hackers from around the world

#1 in trust

We find 33% more severe vulnerabilities than other methods, usually in less than 24 hours

#1 in value

We offer 53% higher ROI than a traditional pen test, with a >95% signal-to-noise ratio

Synack's private, government-grade bug bounty launched a series of firsts

First time DoD has partnered with a private, vetted crowd of hackers

First time the DoD invited ethical hackers in to test sensitive internal systems

First time the DoD was able to receive security analytics and begin remediating in real time

Our Hack the Pentagon Results Exceed All Expectations:

Expected Impact of Findings: Low
Actual Impact of Findings: Critical—Discovered critical unknown vulnerabilities left undetected by traditional solutions

Expected Time to Find a Critical Vulnerability: 1 week
Actual Time to Find a Critical Vulnerability: 4 hours—Enabled rapid action and remediation through triaging and reporting in real time

Expected # of Vulnerabilities Discovered: Few
Actual # of Vulnerabilities Discovered: Dozens—Eliminated security team burden and maximized DoD efficiency by reproducing, validating, and prioritizing all vulnerabilities

“The professionalism of Synack and the partnership we have built during this program have provided immense value.”
— Department of Defense Customer


Learn more about Synack Government
or contact government@synack.com
