Site icon TechNewsBoy.com

Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities | ZDNet

The US Department of Homeland Security (DHS)’s first bug bounty with external researchers called “Hack DHS” helped discover 122 vulnerabilities. 

DHS announced the Hack DHS bounty in December and in phase one of the program invited more than 450 “vetted security researchers” to get involved. DHS suggests the program produced solid results: 27 or about 22% of the 122 vulnerabilities participants found were deemed “critical”. 

DHS offered participants between $500 and $5,000 per discovered vulnerability and in total awarded $125,600 for verified security flaws. It was the first federal agency to amend its bug bounty program to include Log4J flaws across all public-facing information system assets. This allowed it to identify and close vulnerabilities not surfaced through other means besides the bounty, the DHS said. It doesn’t say how many of the flaws were related to Log4J or how many of the identified bugs were eligible for the $5,000 award.

This bug bounty invited approved hackers run a virtual assessment on select DHS systems. It concludes the first of DHS’ three phase program. The second phase invites security researchers to join a live, in-person hacking event, while the third phase will be used by DHS to collect lessons that inform future bug bounty programs. 

CISA created the bug bounty platform used by Hack DHS while the DHS Office of the Chief Information Officer (CIO) governed and monitored rules of engagement.    

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS CIO Eric Hysen. 

“We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.” 

Hack DHS follows similar bounty programs like “Hack the Pentagon,” a first-of-its-kind program launched in 2016 that helped uncover 100 vulnerabilities across various Defense Department assets. It followed related bug bounty efforts from the Department of Defense, Air Force, and Army. 

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version