'Hack DHS' Bug Bounty Program Identifies 122 Cybersecurity Vulnerabilities

WASHINGTON (Sputnik) - The now-concluded bug bounty program to test the defenses of the Department of Homeland Security’s (DHS) cybersecurity infrastructure revealed 122 openings and flaws that IT specialists can close and fix, DHS officials said in a press release.
Sputnik
“Today, the Department of Homeland Security (DHS) announced the results of its first bug bounty program,” the release said on Friday. “Through the ‘Hack DHS’ program, vetted cybersecurity researchers and ethical hackers are invited to identify potential cybersecurity vulnerabilities in select external DHS systems.”
The DHS explained in the release that in the first phase of this program, more than 450 vetted security researchers identified 122 vulnerabilities, of which 27 were determined to be critical.
Participants in the bug bounty program were paid $125,600 to find and identify existing vulnerabilities, the release said.
DHS is the first federal agency to expand its bug bounty program to find and report vulnerabilities across all public-facing information system assets, the release said.
The goal of “Hack DHS,” which was launched in December 2021, is to develop a prototype that can be used by other government agencies and organizations spreading across of government so that each entity can strengthen the resilience of their cybersecurity architecture, the release also said.
During the second phase of the three-phase program, the vetted cybersecurity researchers and ethical hackers will participate in a live, in-person hacking event, the release added.
However, during the third and final phase, DHS will identify lessons officials and staff have learned and intent to apply to bug bounty programs they host in the future, according to the release.
Discuss