The Defense Department is expanding its vulnerability disclosure program to cover all of its publicly available systems, including networks, frequency-based communication, industrial control systems and internet-of-things devices.
By Lauren C. Williams
May 06, 2021
Sparked by the Defense Digital Service's 2016 Hack the Pentagon initiative, the program was initially restricted to public-facing websites and applications, which limited the number and kinds of vulnerabilities reported. "DOD websites were only the beginning as they account for a fraction of our overall attack surface," said Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program
The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has uncovered more than 29,000 vulnerabilities since its launch, accor
The vulnerability disclosure program, which was started from the Defense Digital Service's 2016 Hack the Pentagon initiative, was initially restricted to public-facing websites and applications.
By Lauren C. Williams
White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems.
The program will now include networks, frequency-based communication, industrial control systems and internet of things devices, among other systems available to the public, DOD announced.
The Defense Department has been steadily expanding its capabilities to sniff out cyber vulnerabilities that could be plaguing its systems across the services, and when it comes to testing experimental hardware.
POLITICO
04/05/2021 10:00 AM EDT
Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.