The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.
Only vetted cybersecurity researchers have been invited to the new ‘Hack DHS’ program, and they will be allowed to hunt for vulnerabilities in specific Department systems, so they can be addressed before malicious actors exploit them.
The program will run in three phases throughout Fiscal Year 2022, starting with the identification of vulnerabilities and moving into a live, in-person hacking event, followed by an assessment period during which DHS will review lessons learned.
Hack DHS will use a platform created by the Department’s Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.
The researchers will report identified flaws to DHS system owners and leadership, providing details on the security defect itself, exploitation methods, and how it may lead to information leakage. Bug bounty rewards will be established based on the severity of the reported flaws – they will range between $500 and $5,000.
The Hack DHS bug bounty program is being launched four and a half years after a bill to establish it was announced, and three years after provisions by Senator Maggie Hassan (D-N.H.), Senator Rob Portman (R-Ohio), Rep. Ted Lieu (D-Calif.), and Rep. Scott Taylor (R-Va.) passed into law.
DHS launched a pilot bug bounty program in 2019. The U.S. government ran various other similar programs, including the Department of Defense’s ‘Hack the Pentagon‘, ‘Hack the Army‘, ‘Hack the Air Force‘, and others.
“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.”
Related: U.S. Government Announces ‘Hack the Army 3.0’ Bug Bounty Program
Related: Microsoft Adds Power Platform to Bug Bounty Program
Related: Switzerland Launches Bug Bounty Program for E-Voting Systems
More from Ionut Arghire
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
