DOD Expands Vulnerability Disclosure Program to Web-Facing Targets

The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.

The program has been running on HackerOne since 2016, when the DOD’s Hack the Pentagon initiative was launched, and provides security researchers with a means to engage with the DOD when they identify vulnerabilities in the department’s public-facing websites and applications.


As part of the expanded scope, vulnerability hunters can probe all of DOD’s publicly accessible networks, along with industrial control systems, frequency-based communication, and Internet of Things assets, among others.


“This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” Brett Goldstein, the director of the Defense Digital Service, said.


The bug bounty program is monitored by the DOD Cyber Crime Center and has received more than 29,000 vulnerability reports since its inception in 2016. More than 70% of these reports were found to be valid, the DOD says.


As hackers begin to identify vulnerabilities that could not be reported before, DOD expects to see a sharp increase in the number of submissions.


The expansion comes roughly one month after DOD launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot on HackerOne, seeking to identify vulnerabilities in participating DOD contractors’ assets.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
