The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks.
Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) covers participating DoD contractor partners’ information systems and web properties, as well as other assets within scope, and is separate from the DoD vulnerability disclosure program that already runs on HackerOne.
As part of the DIB-VDP Pilot, DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities.
Interested researchers, however, are prohibited from doing any harm to the vulnerable systems, from accessing or exfiltrating data, from compromising the privacy or safety of DoD or the contractor, as well as from sharing any information with third parties.
“Any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications. This research is not contributing to offensive tools or capabilities,” the program’s policy reads.
Researchers looking to participate are encouraged to read the provided guidelines and glance over the assets that are within scope of the program, as well as over the rest of the terms and conditions of the DIB-VDP.
The DIB-VDP Pilot is a voluntary event that will run for 12 months.
