Monday, July 1, 2024

DoD announced the results of the Hack US bug bounty challenge - Security Affairs

The Department of Defense (DoD) shared the results of its Hack US bug bounty program in July.

On July 4, 2022, the Department of Defense (DoD) and HackerOne launched Hack US, a one-week bug bounty challenge considered part of the DoD’s Vulnerability Disclosure Program (VDP).

The challenge was launched by the Chief Digital and Artificial Intelligence Office (CDAO), Directorate for Digital Services (DDS), DoD Cyber Crime Center (DC3) and HackerOne.

The initiative’s goal is to engage white hat hackers in reporting vulnerabilities in government infrastructure so that they can be fixed, increasing its resilience.

Now the Department of Defense (DoD) has shared the results of the Hack US bug bounty challenge.

The DoD paid a total of $75,000 in compensation for submitted vulnerability reports and $35,000 in bonus compensation.

According to a U.S. government agency, 267 ethical hackers took part in the challenge, 139 of whom were participating in the DoD’s VDP for the first time.

“In just 7 days, Hack US ethical hackers have submitted 648 reports, including numerous reports that would be considered critical if not identified and fixed during this bug bounty challenge,” said Melissa Vice, VDP Director. “This bounty challenge demonstrates the added value of leveraging subject matter expertise in an incentivized manner.”

White hat hackers submitted 648 reports. Of those, 349 were actionable.

The main vulnerabilities reported by participants are information disclosure, improper access, and general SQL injection.

“By identifying vulnerability trends, we can create new processes and system scans to find detection patterns, ultimately address root causes and develop additional mitigations for malicious actors attempting to exploit our systems,” Vice adds.

“We need to be two steps ahead of malicious actors,” Katie Olson Savage, deputy director of digital and artificial intelligence and head of defense digital services, said in a statement. “This crowdsourced security approach is a key step in identifying and addressing potential gaps in the attack surface,” she said.


Pierluigi Paganini
