“The Department of Defense has been lauded as the first agency in the federal government to institute a bug bounty program. While limited in scope as compared to private-sector programs, Hack the Pentagon, as it’s known, sought to invite vetted hackers into its doors with the aim of discovering vulnerabilities within their websites and systems.”
Source: Why more agencies aren’t starting bug bounty programs