- Windscribe VPN review: A flexible and free VPN
- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty
Over 50,000 vulnerabilities have been submitted to the US Department of Defense (DoD) through its vulnerability disclosure program (VDP).
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.
Unlike other bug bounty efforts, DC3’s VDP is a continuous scheme welcoming ethical hackers to find vulnerabilities within US military IT systems and report them to the DoD.
Its launch in November 2016 followed a successful ‘Hack the Pentagon’ bug bounty program running on HackerOne.
In 2018, DC3 introduced a new reporting system within VDP known as the Vulnerability Report Management Network. It allows DC3 to automate, track, and process all reporting, creating a much more efficient process.
“The program’s advancement has enabled VDP to expand their mitigative scope to not only process findings on DoD websites and applications, but to include all publicly accessible and/or available information technology assets owned and operated by the Joint Force Headquarters DoD Information Network,” DC3 explained in a public statement.
In 2021, DC3 and the Defense Counterintelligence and Security Agency partnered to create a 12-month pilot program dedicated to hunting bugs within the systems of small to medium organizations participating in the Defense Industrial Base (DIBCOs).
This initiative allowed DC3 to process 1019 vulnerability reports. “[It] saved taxpayers an estimated $61m by discovering and remediating more than 400 active vulnerabilities and Controlled Unclassified Information exfiltration threats by adversaries on DIB participants’ public-facing assets,” noted DC3.
The pilot program earned DC3 the prestigious DoD Chief Information Officer Annual Award.
Meanwhile, the DoD has continued running standalone bug bounty programs in collaboration with HackerOne, Bugcrowd and Synack, including ‘Hack the Pentagon’ competition covering other departments such as the Air Force, the Marine Corps, the Army, and Defense Travel System assets.
