Pentagon considers continuous bug bounties that could test sensitive, private systems

FedScoop: The Pentagon is exploring a new contract to run longer, continuous bug bounty contests on a “full range” of its networks, including private systems.

The Defense Department is looking to partner with a commercial bug bounty company “to conduct crowdsourced vulnerability discovery and disclosure (CVDD) services across the full range of networks, systems, and information, including web applications, software, source code, and software-embedded devices across the whole Department of Defense,” it proposes in a request for information issued earlier this month. “Assets could include closed networks, software-embedded devices, proprietary source code, or other private or internal systems not generally accessible via the public Internet.”
