Collaborate Disseminate
By Habiba Rashid
The US military seeks public help in securing its critical cyber infrastructure with “Hack the Pentagon 3.0” bug bounty program.
This is a post from HackRead.com Read the original post: Hack the Pentagon 3.0: Groundbreaking Bug Bounty … Continue reading Hack the Pentagon 3.0: Groundbreaking Bug Bounty Program Is Back
The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday. The program, “Hack the Pentagon,” is expanding the number of DOD targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement. The program, which launched in 2016, previously allowed cybersecurity professionals to test DOD systems when it involved public-facing websites and applications. Now interested hackers may go after all publicly-accessible DOD information systems, including publicly-accessible networks, Internet of Things devices and industrial control systems, according to DOD. “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said Brett Goldstein, the director of the Defense Digital Service (DDS). The DOD Cyber Crime Center, which oversees the program, said the expansion was always […]
The post DOD expands vulnerability disclosure program, giving hackers more approved targets appeared first on CyberScoop.
Continue reading DOD expands vulnerability disclosure program, giving hackers more approved targets
Hackers are crawling all over the US Department of Defense’s websites – and DoD officials are quite happy about the whole thing. Continue reading Ethical hackers swarm Pentagon websites
Kate Moussouris sounds off on the challenges behind creating successful bug bounty programs. Continue reading Katie Moussouris: The Bug Bounty Conflict of Interest
The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some of which are civilians and some of which are active-duty military. But they rotate in and out approximately […]
The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.
HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased. Continue reading ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities
The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world making it one of the wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities including 28 ranking high […]
The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on Cyberscoop.
Continue reading Pentagon’s latest bug bounty program pays out $80,000
The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]
The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on Cyberscoop.
Continue reading The Pentagon’s latest bug bounty target is its travel booking system
The U.S. Department of Defense is the latest government entity to double down on vulnerabilities, on Monday announcing a new bug bounty program. Continue reading U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program
Where do they live? Why do they do it? HOW do they do it? HackerOne surveyed its registered ethical hackers to find out. Continue reading Under the hoodie: what makes bug bounty hunters tick?