Defense Dept Drops Legal Threat On Hackers Who Report Bugs

In an effort to improve the Pentagon’s unclassified, public-facing networks, the Defense Department this week unveiled a new policy that would allow hackers to report bugs or flaws without fear of prosecution. The Army also opened registration this week for Hack the Army, an effort to allow hackers and researchers to scour Army websites looking for software flaws. In the past, such reporting could lead to charges under the Computer Fraud and Abuse Act. “This is a historic moment for hackers and the U.S. government,” Katie Moussouris, founder of Luta Security, told the Washington Post. “For the first time since hacking became a felony offense over 30 years ago, the Department of Defense has now opened the doors for ongoing vulnerability disclosure from helpful hackers who want to help secure these systems without fear of legal prosecution.” The new policy grew out of a Hack the Pentagon event held earlier this year, in which about 250 people found and submitted flaws in Pentagon sites. In recent years, Pentagon email systems have been infiltrated, including that of the Secretary of Defense and the Joint Chiefs of Staff. In 2008, the department’s classified network was compromised in an operation thought to have Russian ties.