‘Hack DHS’ bug hunters find 122 security flaws in DHS systems

By Erma F. Brown

Apr 23, 2022



The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity.

DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw’s severity.

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS Chief Information Officer Eric Hysen.

“We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”

The ‘Hack DHS’ program builds upon the experience of similar efforts across the US federal government (e.g., the ‘Hack the Pentagon’ program) and the private sector.

DHS launched its first bug bounty pilot program in 2019, two years before ‘Hack DHS,’ after the SECURE Technology Act was signed into law, requiring the establishment of a security vulnerability disclosure policy and a bounty program.

Launched to develop a model for other government organizations

The ‘Hack DHS’ bug bounty program was announced in December 2021. It requires the hackers to disclose their findings together with detailed information on the vulnerability, how it can be exploited, and how it can be used to gain access to data in DHS systems.

All reported security flaws are then verified by DHS security experts within 48 hours and are fixed in 15 days or more, depending on the bug’s complexity.

One week after the launch, the DHS expanded the scope of the ‘Hack DHS’ bounty program to allow researchers to track down DHS systems impacted by Log4j-related vulnerabilities.

The decision to expand the program came on the heels of a CISA emergency directive ordering Federal Civilian Executive Branch agencies to patch their systems against the critical Log4Shell bug by December 23.

“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” added Secretary of Homeland Security Alejandro N. Mayorkas.

“Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”

