Serviceteam IT Security News

The United States Department of Defense (DOD) has expanded its ethical hacking program to include more targets.

DOD officials announced yesterday that the Department’s Vulnerability Disclosure Program will be broadened to include all publicly accessible DOD information systems.

Bug hunters were first invited to engage with the DOD in 2016 when the initiative ‘Hack the Pentagon’ was launched. Through this initiative, the Defense Digital Service set up a bug bounty program to reward ethical hackers for identifying flaws in the Department’s digital defenses.

Director of the Defense Digital Service Brett Goldstein said that before the initiative was introduced, ethical hackers who discovered a vulnerability had no way of communicating their findings to the DOD.

“Because of this, many vulnerabilities went unreported,” said Goldstein.

He added: “The DOD Vulnerability Policy launched in 2016 because we demonstrated the efficacy of working with the hacker community and even hiring hackers to find and fix vulnerabilities in systems.”

When the vulnerability hunting policy was first established, it was limited to DOD public-facing applications and websites.

Goldstein said that the newly announced expansion will allow for research and reporting of vulnerabilities detected in all DOD publicly accessible networks, Internet of Things, industrial control systems, frequency-based communication, and more.

“This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said the director.

The expanded Vulnerability Disclosure Program will continue to be overseen by the DOD’s Cyber Crime Center. Growing it to catch more vulnerabilities and improve cybersecurity was an obvious and sensible progression, according to program director Kristopher Johnson.

He said: “The department has always maintained the perspective that DOD websites were only the beginning as they account for a fraction of our overall attack surface.”

Ethical hackers have submitted more than 29,000 vulnerability reports through the Vulnerability Disclosure Program since it was launched. Johnson said that over 70% of those reported weaknesses proved to be valid.

The program director said that he expects the number of disclosures reported by the security researcher community to increase significantly with the expansion of the program, which was last extended in 2018.

Source: Infosecurity Magazine
