DOD expands bug bounty program to all publicly accessible systems

摘要

The Defense Department is expanding its "bug bounty" program to all its publicly accessible information systems, allowing authorized hackers to investigate and report cyber vulnerabilities in industrial control systems, Internet of Things devices, and other networks. The development marks a major expansion in the scope of DOD's vulnerability disclosure program. The original program started with a "Hack the Pentagon" program in 2016 that allowed security researchers to probe public-facing DOD networks without fear of reprisal. In a little less than five years, researchers have submitted more than 29,000 vulnerability reports, and more than 70% were determined to be valid, according to DOD. The updated policy allows research and reporting of disclosures in all "publicly accessible networks, frequency-based communication, Internet of Things, industrial control systems, and more," according to Brett Goldstein, director of the Defense Digital Service.