The US government leverages the expertise of the hacking community to increase its cybersecurity protections.
Earlier this week, the Office of Digital and Artificial Intelligence (CDAO), the Directorate of Digital Services, and the Department of Defense Cybercrime Center (DC3) launched “Hack US,” a bounty hunting program aimed at identifying high-severity vulnerabilities in government systems.
As reported by VentureBeat, the Department of Defense (DoD) has earmarked about $110,000 for “white hat” hackers who discover dangerous flaws. Critical severity reports will earn hackers $1,000 per report, high severity reports $500, and there is a $3,000 reward for those in additional special categories.
Speaking to VentureBeat, Bugcrowd founder and CTO Casey Ellis says it makes sense to tap into the potential of the community, given that attackers often work in groups and often outnumber defenders.
“It takes an army of enemies to defeat an allied army, and many organizations are leveraging a community of millions of well-meaning hackers around the world who are skilled, ready and willing to help,” Ellis said. “The good folks at DoD DC3 have been great for many years. It runs a vulnerability reporting program with rigor and success, so it makes sense to see them ‘upgrade’ it to a paid bug-fixing bounty program.”
But this seems to be related not only to the number of attackers coding flaws, but also to the number of flaws. According to the VentureBeat report, the average organization has more than 30,000 vulnerabilities in the attack surface, which is far more than a small internal security team can overcome.
As a result, almost half of organizations (44%) are not sure they can properly secure all their endpoints, even if the best cybersecurity solutions are available.
40101
