While no sensitive systems were included, the program turned out to be worthwhile, as over 1,400 security researchers contributed to the pilot program.
In total, 138 of the submitted vulnerabilities were considered to be "legitimate, unique and eligible for a bounty," Defense Secretary Ash Carter says. Payouts ranging from approximately $100 to $15,000 were awarded by the agency.
According to Carter, the program was a "considerable success" and has allowed the department to "build stronger bridges to innovative citizens who want to make a difference to our defense mission."
The program cost the US DoD $150,000 -- but hiring a security firm to conduct the same tests and find vulnerabilities would have raised the bill to over $1 million.
As a more cost-effective alternative, the US government has decided to expand the Hack the Pentagon scheme. Originally, the bug bounty program only covered five public-facing websites: defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil. However, the DoD has announced plans to include "other parts of the department" in the near future.
A DoD spokesperson said:
"Although the pilot was a success, it only tested the crowdsourced security concept against public-facing websites. We believe the concept will be successful when applied to many or all of DoD's other security challenges."