GovInfoSecurity
The Department of Defense will expand its vulnerability disclosure program in the coming months, inviting ethical hackers to find flaws in a wider array of systems and applications within the Pentagon's public-facing networks.
The Hack the Pentagon program was launched in 2016 to encourage ethical hackers and security researchers to find flaws in public-facing Defense Department applications and websites. The program is overseen by the DOD Cyber Crime Center.
Now, the Pentagon is expanding the program to include all publicly accessible Defense Department systems, including IoT devices, industrial control systems, networks and frequency-based communication systems.
“This expansion is a testament to transforming the government's approach to security and leapfrogging the current state of technology within DOD,” he said.
Before the program’s launch, researchers had no way of reporting bugs they found in publicly accessible DoD systems.
“Because of this, many vulnerabilities went unreported,” said Goldstein. “The DOD Vulnerability Policy launched in 2016 because we demonstrated the efficacy of working with the hacker community and even hiring hackers to find and fix vulnerabilities in systems.”
Since the launch of the Vulnerability Disclosure Program, security researchers have submitted over 29,000 vulnerability reports. Officials said that over 70% of them were determined to be valid.
By Ionut Arghire on May 05, 2021
The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.
The program has been running on HackerOne since 2016 when the DOD’s Hack the Pentagon initiative was launched and provides security researchers with means to engage with the DOD when they identify vulnerabilities in the department’s public-facing websites and applications.
As part of the expanded scope, vulnerability hunters can probe all of DOD’s publicly-accessible networks, along with industrial control systems, frequency-based communication, and Internet of Things assets, among others.
POLITICO
04/05/2021 10:00 AM EDT
Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.