WASHINGTON (Sputnik) – According to the statement, researchers are allowed to attempt to breach any public-facing website owned, operated or controlled by the department, including applications hosted on those sites.
"The security researcher community regularly makes valuable contributions to the security of organizations and the broader Internet, and DOD recognizes that fostering a close relationship with the community will help improve our own security," the release stated.
The policy also sets restrictions for research, such as limiting the exploitation of a cyber vulnerability to the minimal amount of testing needed to prove a weakness exists, the release explained. No exfiltration, or secret transfer, of data is allowed under any circumstances, the policy states.
