DOD expands bug bounty program to public networks, systems
- By Lauren C. Williams
- May 04, 2021
White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems.
The vulnerability disclosure program, which grew out of the Defense Digital Service's 2016 Hack the Pentagon initiative, was initially restricted to public-facing websites and applications.
The program will now include networks, frequency-based communication, industrial control systems and internet of things devices, among other systems available to the public, DOD announced.
The Defense Department has been steadily expanding its capabilities to sniff out cyber vulnerabilities that could be plaguing its systems, both across the services and when it comes to testing experimental hardware.
Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program, said in a statement that "DOD websites were only the beginning as they account for a fraction of our overall attack surface."
The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has found more than 29,000 vulnerabilities since its launch, according to a recent report.
So far, it has garnered more than 350 vulnerability reports in the first two weeks of launch.
Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. Follow her on Twitter @lalaurenista.