Crowdsourced security is now considered a “best practice” for the US government to protect the nation’s assets and services, thanks in large part to the US Department of Defense. The DoD first launched their landmark critical assets security program — “Hack the Pentagon” (FA2) — with Synack in 2016. The Hack the Pentagon program has shown enterprises and agencies alike that an organization can engage a crowd of top-tier ethical hackers to look for security vulnerabilities in a trusted, highly-controlled way.

Following the success of its partnerships with the military departments and civilian agencies over the past two years, Hack the Pentagon has expanded its crowdsourced security approach to award new security contracts, with Synack as an awardee, with increased scope and capacity to run bug bounty programs to further strengthen internal DoD assets. Synack is the market leader in crowdsourced security, owning >78% share of the federal crowdsourced security market.

Protecting American citizens and the high-value assets that support their day-to-day lives around the world is no easy task in the era of cyber warfare. The United States Department of Defense is charged with protecting some of the nation’s most sensitive digital assets and data. It comes as no surprise that attackers probe the Pentagon thousands to millions of times each day, looking for access points to the country’s most critical infrastructure and services

The DoD’s contract with Synack marked the first time that a crowdsourced group of ethical hackers tested internal sensitive systems of a US government agency. Over the course of the “Hack the Pentagon” private program with Synack, six critical systems were tested. In total, more than 100 highly trusted and highly skilled researchers around the globe contributed over 7,000 hours of combined testing. The top payout during the program was over $30,000 – the highest payout of any Hack the Pentagon assessment to-date.

Leveraging a controlled hacker-powered approach to testing sensitive assets, Synack and the DoD’s first Hack the Pentagon private challenge delivered a cost-effective way to harness the talent of hundreds of security experts to provide value to the Department. With a growing cyber talent gap and constrained resources, Synack’s crowdsourced model offered the additional talent, scale, speed, and insights needed to get a leg up against the adversary. Now, the Pentagon is announcing it is multiplying its investment in crowdsourced security over eight times. In addition to the raised funding ceiling, a new feature of the contract includes the ability to leverage the continuous assessment model for dynamic, high value systems.

“Finding innovative ways to identify vulnerabilities and strengthen security has never been more important,” said Chris Lynch, Director of the Defense Digital Service. “When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department.” The latest DoD Crowdsourced Vulnerability Discovery & Disclosure Services (CVDD) FA2 contract allows future collaboration between Synack and DoD to protect the Pentagon’s growing digital attack surface.

The success of Hack the Pentagon has paved the way for other federal agencies to adopt their own crowdsourced security initiatives. More than 10 pieces of legislation have been drafted in the last year in favor of utilizing crowdsourced security testing in the US government. The White House National Cyber Strategy and the DoD’s annual strategy published recently also encourage the use of crowdsourced security testing, beyond just bug bounty basics, to provide an adversarial perspective on organizations’ security risk.

The White House National Cyber Strategy said, “The United States Government will also promote regular testing…using best practices from forward-leaning industries. This includes promotion and use of coordinated vulnerability disclosure, crowd-sourced testing, and other innovative assessments that improve resiliency ahead of exploitation or attack.”

The DoD Cyber Strategy stated that, “The Department will continue to identify crowdsourcing opportunities, such as hack-a-thons and bug-bounties, in order to identify and mitigate vulnerabilities more effectively and to foster innovation.”

Government agency adoption of Synack’s secure crowdsourced penetration testing increased 9x in 2017, and the US Department of Defense continues to pave the way. “Crowdsourced security is gaining traction in the market, and now considered a best practice by the US government. Agencies across the government are increasingly looking to Synack’s crowdsourced security model for scalable, effective, and trusted testing.” Jay Kaplan, Co-Founder and CEO of Synack, comments. “In an industry that’s often seen as conservative and sluggish, we applaud the DoD for being bold leaders in adopting this innovation first.”

About Synack
Synack is the market leader in crowdsourced security, with >78% market share among federal agencies in 2017. Government agencies who choose Synack don’t have to compromise on effectiveness, efficiency, or control when they activate the crowd. By leveraging the world’s most trusted ethical hackers and an industry-leading platform, Synack finds and helps fix critical security issues before criminals can exploit them. Headquartered in Silicon Valley with regional offices around the world, Synack has protected over 100 global organizations by reducing companies’ security risk and increasing their resistance to cyber attack. For more information, please visit

Find article here: