The Cyber Crime Center (DC3) of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report, submitted by 5,635 researchers since its inception in November 2016.
The government agency launched its Vulnerability Disclosure Program (VDP) 7.5 years ago following a bug bounty event called ‘Hack-the-Pentagon,’ to engage crowd-sourced vulnerability reports that could help bolster its cyber defenses.
“In contrast to short-duration bug bounties, VDP’s crowd-sourced ethical hackers report vulnerabilities constantly as a part of a defense-in-depth method,” reads DC3’s announcement.
“By way of its function as the focus for receiving vulnerability reports, DC3 VDP continues to contribute considerably to DoD’s general security.”
In 2018, the program launched an automated tracking and processing system for the submitted reports, vastly improving the framework’s efficiency as well as the experience ethical hackers got from their involvement.
Over time, VDP expanded its scope to include vulnerabilities in all publicly accessible IT assets, websites, and applications owned and operated by the Joint Force Headquarters DoD Information Network.
In 2021, DC3 and the Defense Counterintelligence and Security Agency worked together in a special 12-month program that led to discovering and mitigating 400 critical security flaws, saving taxpayers a reported $61 million.
Regarding VDP’s success in 2023, although the agency has not released its annual report yet, the fact that it announced reaching the 45,000 flaw reports milestone exactly a year ago means it can be deduced that 5,000 reports were processed last year.
This is lower than the 7,349 vulnerabilities reported in 2022, 8% of which were critical, but it remains a significant contribution nonetheless.
DoD’s bug bounty program on HackerOne shows that the agency has resolved over 27,000 issues in total, while receiving 1,231 reports in the last 90 days.
“The success of the DC3 VDP is a robust example of how a robust relationship with the worldwide ethical hacker community translates to the constant strengthening of cyber defenses.” – Alex Rice, CTO of HackerOne
Currently, VDP’s program on HackerOne defines the scope as all “publicly accessible information systems, web property, or data owned, operated, or managed by DoD.”
Ethical hackers interested in contributing to DoD cybersecurity through VDP can check all the guidelines here.