Does/should the military reward SM's/Veterans money for finding vulnerabilities in a network?
https://www.rallypoint.com/answers/does-should-the-military-reward-sm-s-veterans-money-for-finding-vulnerabilities-in-a-network

Most enterprise companies have a bug bounty program, paying non-employees to attempt to gather "non public" info to test system security. Should the DoD be doing the same thing, or do you think this would be a terrible idea?

These tests are a more cost effective way to find any holes in the system that could end up really bad if not found by a "White hat".

Fri, 18 Mar 2016 07:53:31 -0400
SPC(P) Private RallyPoint Member

Response by SPC(P) Private RallyPoint Member made Mar 18 at 2016 7:57 AM
https://www.rallypoint.com/answers/does-should-the-military-reward-sm-s-veterans-money-for-finding-vulnerabilities-in-a-network?n=1387521&urlhash=1387521

Btw anyone interested in such bug bounty programs to make $500 upwards to $1,000,000, look up sites on Google (read reviews if you're paranoid lol) hackerone and bugcrowd

Response by SSG Ed Mikus made Mar 18 at 2016 10:20 AM
https://www.rallypoint.com/answers/does-should-the-military-reward-sm-s-veterans-money-for-finding-vulnerabilities-in-a-network?n=1387773&urlhash=1387773

This would be a great idea IF we spent time and money fixing the problems we already know about. Since we do not, this would just make more issues more commonly known and still leave them unaddressed.

Response by Maj Kevin "Mac" McLaughlin made Mar 18 at 2016 11:58 AM
https://www.rallypoint.com/answers/does-should-the-military-reward-sm-s-veterans-money-for-finding-vulnerabilities-in-a-network?n=1388014&urlhash=1388014

We are not a profit making company. I do not want untrained and unqualified people running security tests on our military networks. This is what we're forming the Cyber Ops Squadrons for.

Response by CW5 Private RallyPoint Member made Mar 18 at 2016 1:09 PM
https://www.rallypoint.com/answers/does-should-the-military-reward-sm-s-veterans-money-for-finding-vulnerabilities-in-a-network?n=1388180&urlhash=1388180

SANS Critical Security Control # 20: Penetration Tests and Red Team Exercises
If we won't conduct it ourselves we should pay someone else but not make it a wild, wild, West where we have no idea where/when/how the attacks are conducted. Nothing wrong with discovering vulnerabilities but we need to know when testing is happening.
Also, how would you keep an insider from gaming the system like the recruiters did when making tens of thousands using the G-RAP program?