US Department of Defense claims to have flushed out 50,000 vulnerabilities with bug bounty program
Hackers are making the US safer one bounty at a time
The US Department of Defense (DoD) passed the significant milestone of logging more than 50,000 vulnerabilities through its vulnerability disclosure program (VDP).
The VDP was launched in November 2016 by the DoD Cyber Crime Center (DC3), and logged the 50,000th bug bounty on March 15, 2024.
The DC3 VDP program incentivises white-hat hackers to find bugs and vulnerabilities in DoD websites and applications by rewarding them depending on the severity of the vulnerabilities they discover.
50,000 potential avenues of attack patched
DC3 has gradually enhanced the efficiency of bug reporting and tracking over the program's lifetime, with the Vulnerability Report Management Network being launched in 2018, introducing automation to the reporting process.
In a public statement to mark the occasion, DC3 said, “The program’s advancement has enabled VDP to expand their mitigative scope to not only process findings on DoD websites and applications, but to include all publicly accessible and/or available information technology assets owned and operated by the Joint Force Headquarters DoD Information Network.”
The reward offered to ethical hackers who successfully identify vulnerabilities is expected to be significantly lower than the financial impact a potential breach could have on the DoD. In fact, 2021 saw DC3 launch a 12-month program with the Defense Counterintelligence & Security Agency to boost the security of SMEs in the Defense Industrial Base (DIB).
According to the DC3, the initiative “saved taxpayers an estimated $61m by discovering and remediating more than 400 active vulnerabilities and Controlled Unclassified Information exfiltration threats by adversaries on DIB participants’ public-facing assets.”
The DoD also holds a hackathon known as 'Hack the Pentagon' that offers ethical hackers the opportunity to seek out bugs in other critical areas of national defense such as the Army, Marine Corps, and Air Force.
Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has an MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.