By Lauren C. Williams
May 06, 2021
The Defense Department is expanding its vulnerability disclosure program to cover all of its publicly available systems, including networks, frequency-based communication, industrial control systems and internet-of-things devices.
Sparked by the Defense Digital Service's 2016 Hack the Pentagon initiative, the program was initially restricted to public-facing websites and applications, which limited the number and kinds of vulnerabilities reported.
"DOD websites were only the beginning as they account for a fraction of our overall attack surface," said Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program.
The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has uncovered more than 29,000 vulnerabilities since its launch, according to a recent report.