The Department of Homeland Security on Wednesday awarded three companies a potential $43.2 million contract for vulnerability assessment services, selecting BugCrowd, SecureSoft Technologies and Synack.

Under the Hack DHS: Crowdsourced Vulnerability Assessment Services program, the three companies’ vetted security researchers will look for cybersecurity gaps in the department’s networks and information systems.

DHS in 2018 began a pilot program to examine a bug bounty program, which is modeled on one used by the Department of Defense. Last December, Homeland Security Secretary Alejandro Mayorkas decided to make the Hack DHS program permanent.

The multiple-award, indefinite-delivery, indefinite-quantity contract has a one-year base period and four one-year options.

Synack, on its website, says “The appeal of a bug bounty program, which is one approach to crowdsourced testing, is to one-up traditional penetration testing approaches by having a multitude of ethical hackers make assessments with stronger incentives for hackers to find results, getting you closer to a true adversarial perspective.”