‘Hack DHS’ Bug Bounty Program Invites Vetted Researchers to Find Security Flaws before Threat Actors Do

Filip TRUȚĂ

December 16, 2021

The US Department of Homeland Security (DHS) has launched a bug bounty program in a bid to find and fix any security weaknesses in its systems. In typical bug-bounty format, researchers will win cash prizes proportional to the severity of the bugs found.

Piloted in 2019 as a result of provisions authored by several US senators, ‘Hack DHS’ seeks to “identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department’s cybersecurity resilience,” according to the fed’s announcement.

Cybersecurity is one of the DHS’s primary objectives, alongside other national threats like terrorism, border security, and disaster prevention. So Hack DHS only invites “vetted cybersecurity researchers to access select external systems [and] identify vulnerabilities that could be exploited by bad actors so they can be patched.”

“These hackers will be rewarded with payments (‘bounties’) for the bugs they identify […] The bounty for identifying each bug is determined by using a sliding scale, with hackers earning the highest bounties for identifying the most severe bugs,” it clarifies.

The announcement doesn't state actual prize sums. Typical bounties awarded in programs run by companies such as Google, Mozilla and Microsoft range from hundreds of dollars for mild bugs to tens of thousands for critical ones.

In the upcoming DHS program, white hat hackers will use a proprietary platform created by the Department’s Cybersecurity and Infrastructure Security Agency (CISA), with its own rules of engagement, management and monitoring by the DHS Office of the Chief Information Officer, according to the press release.

Researchers will disclose their findings to designated system owners and leaders, “including what the vulnerability is, how they exploited it, and how it might allow other actors to access information.”

In other words, participating hackers must offer a working proof of concept (PoC) for each vulnerability they uncover – again, typical of a bug bounty format.

‘Hack DHS’ is a three-phase program, unfolding across fiscal year 2022 as follows:

1. Researchers will conduct virtual assessments on certain DHS external systems

2. Participants will then chime in during a live, in-person hacking event

3. And finally, DHS will identify and review lessons learned, and plan for future bug bounties

The stated goal of phase 3 is to “develop a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience.”
