
DHS launches bug bounty program with payments of up to $5,000

source link: https://siliconangle.com/2021/12/15/dhs-launches-bug-bounty-program-payments-5000/

The U.S. Department of Homeland Security is offering payments of up to $5,000 under a bug bounty program called “Hack DHS.”

The bug bounty program is designed to identify potential cybersecurity vulnerabilities within certain DHS systems and to increase the department’s cybersecurity resilience. The program is not a free-for-all, however: only vetted cybersecurity researchers are being invited to access select DHS systems and find weaknesses that bad actors could exploit, so that they can be patched.

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” DHS Secretary Alejandro N. Mayorkas said in a statement. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”

A normal bug bounty program would be ongoing and open to all, but this is the U.S. government, so anything like this is arguably a net positive versus doing nothing at all. The program will run through fiscal year 2022, with the goal of developing a model that other organizations across every level of government can use to increase their own cybersecurity resilience.

Phase one will involve “hackers” (by which they mean vetted cybersecurity professionals) conducting a virtual assessment of certain DHS external systems. Phase two will involve the so-called hackers participating in a live, in-person hacking event. The third and final phase will involve the DHS identifying and reviewing lessons learned and planning for future bug bounties.

Hack DHS will be run by the DHS Cybersecurity and Infrastructure Security Agency and will be governed by several rules of engagement. The program will be monitored by the DHS Office of the Chief Information Officer. Bug bounty payments will be determined on a sliding scale, with the highest bounties being paid for the most severe bugs.

The bug bounty program is being run in conjunction with crowdsourced security platform company Bugcrowd Inc.

“As the Internet grows and cyber threats grow, the concept of ‘see something, say something,’ first popularized by the DHS, becomes even more relevant in the digital realm,” Casey Ellis, founder and chief technology officer at Bugcrowd, told SiliconANGLE. “We’ve been advising a variety of government agencies for many years including the DHS, and we’ll be the platform partner for this program.”

It takes an “army of allies to outsmart an army of adversaries,” he added. “Even with an internal team as resourced and smart as the DHS, adding the collective creativity of the good-faith hacker community helps DHS level the playing field against the adversary.”

Image: CISA
