The Joe Manchin-Joe Biden meeting today should be interesting. The two men have competing views on how to pay for Biden’s infrastructure proposals. | Oliver Contreras-Pool/Getty Images
HAPPENING SHORTLY: President JOE BIDEN speaking about the economy from the East Room.
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency
In brief: The United States Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.
In a massive expansion of its Vulnerability Disclosure Program, started in 2016, the DoD said it was looking for ethical hackers to find flaws and fixes. The bug bounty system had previously been aimed only at websites, but Kristopher Johnson, director of its Vulnerability Disclosure Program, said websites "were only the beginning as they account for a fraction of our overall attack surface" and urged the infosec community to take a wider view.
DOD Expands Hacker Program
The United States Department of Defense (DOD) has expanded its ethical hacking program to include more targets.
DoD officials announced yesterday that the Department's Vulnerability Disclosure Program will be broadened to include all publicly accessible DOD information systems.
Bug hunters were first invited to engage with the DOD in 2016 when the initiative Hack the Pentagon was launched. Through this initiative, the Defense Digital Service set up a bug bounty program to reward ethical hackers for identifying flaws in the Department's digital defenses.
Director of the Defense Digital Service Brett Goldstein said that before the initiative was introduced, ethical hackers who discovered a vulnerability had no way of communicating their findings to the DOD.
GovInfoSecurity
The Department of Defense will expand its vulnerability disclosure program in the coming months, inviting ethical hackers to find flaws in a wider array of systems and applications within the Pentagon's public-facing networks.
The Hack the Pentagon program was launched in 2016 to encourage ethical hackers and security researchers to find flaws in public-facing Defense Department applications and websites. The program is overseen by the DOD Cyber Crime Center.
Now, the Pentagon is expanding the program to include all publicly accessible Defense Department systems, including IoT devices, industrial control systems, networks and frequency-based communication systems.
By Lauren C. Williams
May 06, 2021
The Defense Department is expanding its vulnerability disclosure program to cover all of its publicly available systems, including networks, frequency-based communication, industrial control systems and internet-of-things devices.
Sparked by the Defense Digital Service's 2016 Hack the Pentagon initiative, the program was initially restricted to public-facing websites and applications, which limited the number and kinds of vulnerabilities reported. "DOD websites were only the beginning as they account for a fraction of our overall attack surface," said Kristopher Johnson, the director for the Pentagon's Cyber Crime Center, which oversees the program.
The announcement comes after the center announced a defense industry-focused pilot of its bug bounty program in April. That yearlong pilot is expected to build on lessons from the original vulnerability disclosure program, which has uncovered more than 29,000 vulnerabilities since its launch, accor