
US DOD Expands Vulnerability Bounty Program to Encompass Networks, IoT, More

Silviu STAHIE

May 12, 2021

The Department of Defense (DOD) has announced its Vulnerability Disclosure Program will expand to envelop all publicly accessible DOD information systems, including IoT devices.

The DOD Vulnerability Policy has been in force since 2016, but until now it covered only DOD public-facing websites and applications. In the meantime, the world became a much more complicated place, as networks, new IoT devices and other types of hardware have permeated all levels of administration, creating a much larger attack surface.

“The original policy was limited to DOD public-facing websites and applications,” said Brett Goldstein, the director of the Defense Digital Service. “The expansion announced today allows for research and reporting of vulnerabilities related to all DOD publicly-accessible networks, frequency-based communication, Internet of Things, industrial control systems, and more.”

Knowing about possible vulnerabilities ahead of time is critical for attack prevention. Private enterprises already know this and have their own bounty programs designed to weed out vulnerabilities before they become a liability for companies.

The DOD will deploy the same kind of bounty program to try to secure its networks and devices against possible attacks.

“Since the Vulnerability Disclosure Program’s launch, hackers have submitted more than 29,000 vulnerability reports, with more than 70 percent of them determined to be valid,” the DOD official said.

With the drastic expansion of the bounty program, the number of vulnerabilities is expected to increase dramatically, along with the attack surface.

The announcement comes close to one of the most significant cyberattacks in history. One of the largest fuel pipeline operators in the US, Colonial Pipeline, was the target of a massive attack that affected the fuel supply of the entire US East Coast.
