DOD Expands Hacker Program
The United States Department of Defense (DOD) has expanded its ethical hacking program to include more targets.
DoD officials announced yesterday that the Department's Vulnerability Disclosure Program will be broadened to include all publicly accessible DOD information systems.
Bug hunters were first invited to engage with the DOD in 2016 when the initiative Hack the Pentagon was launched. Through this initiative, the Defense Digital Service set up a bug bounty program to reward ethical hackers for identifying flaws in the Department's digital defenses.
Director of the Defense Digital Service Brett Goldstein said that before the initiative was introduced, ethical hackers who discovered a vulnerability had no way of communicating their findings to the DOD.
GovInfoSecurity
The Department of Defense will expand its vulnerability disclosure program in the coming months, inviting ethical hackers to find flaws in a wider array of systems and applications within the Pentagon's public-facing networks.
The Hack the Pentagon program was launched in 2016 to encourage ethical hackers and security researchers to find flaws in public-facing Defense Department applications and websites. The program is overseen by the DOD Cyber Crime Center.
Now, the Pentagon is expanding the program to include all publicly accessible Defense Department systems, which include IoT devices, industrial control systems, networks and frequency-based communication systems.
By Lauren C. Williams
May 06, 2021
The Defense Department is expanding its vulnerability disclosure program to cover all of its publicly available systems, including networks, frequency-based communication, industrial control systems and internet-of-things devices.
Sparked by the Defense Digital Service's 2016 Hack the Pentagon initiative, the program was initially restricted to public-facing websites and applications, which limited the number and kinds of vulnerabilities reported. "DOD websites were only the beginning as they account for a fraction of our overall attack surface," said Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program.
The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has uncovered more than 29,000 vulnerabilities since its launch, accor
The Pentagon announced Tuesday that it is expanding its Vulnerability Disclosure Program to include all publicly accessible information systems in the Defense Department.